示例#1
def mapDocxFromMFT(mft_path):
    """
    Parse the MFT file at ``mft_path`` and collect the names of .docx entries.

    Returns a list holding the 'filename' value of every parsed entry whose
    last five characters are ".docx" (compared case-insensitively).

    The match is on the recorded name only; no file content is inspected, so
    a hit says what an entry is called, not what kind of data it holds.
    """

    # Build the session and point it at the MFT file before anything is opened
    mft_session = mftsession.MftSession()
    mft_session.mft_options()
    mft_session.options.filename = mft_path

    # Open and parse; the parsed records are then read from mft_session.mft
    mft_session.open_files()
    mft_session.process_mft_file()

    # Look every record up by key and keep the names with a .docx suffix
    recorded_names = (mft_session.mft[key]['filename'] for key in mft_session.mft)
    return [name for name in recorded_names if name[-5:].lower() == ".docx"]
示例#2
#!/usr/bin/python

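try:
    from analyzemft import mftsession
except ImportError:
    # Fall back to the package-relative import only when the absolute import
    # itself fails. A bare except would also catch KeyboardInterrupt and
    # SystemExit, and would hide a genuine error raised while loading
    # analyzemft behind a misleading relative-import failure.
    from .analyzemft import mftsession

if __name__ == "__main__":
    # Run one parsing session end to end: set options, open files, parse.
    # NOTE(review): no input file is assigned here, so mft_options()
    # presumably takes it from the command line; confirm against mftsession.
    session = mftsession.MftSession()
    session.mft_options()
    session.open_files()
    session.process_mft_file()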
示例#3
 def __init__(self, mft_file_name, desired_extension, ip_address):
     """
     Keep the caller's settings and create the MFT session.

     mft_file_name, desired_extension and ip_address are stored exactly as
     passed in; nothing is validated or normalised at this point.
     """
     # Plain settings first; none of these assignments depends on another
     self.ip_address = ip_address
     self.desired_extension = desired_extension
     self.mft_file_name = mft_file_name

     # New MftSession kept on the instance
     self.analyzeMFT_session = mftsession.MftSession()