Imanol-Mikel Barba Sabariego / gravedigger · Files

Blame view

modules/mft.py 560 Bytes
Edit Raw Normal View History
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
1
 
from module import Module
MFT module completed
36718063
 
Imanol-Mikel Barba Sabariego authored 
2
3
 
from runcmd import runProcess
import tomb
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
4
By design, shared vars won't exi...
2a93f649
 
Imanol-Mikel Barba Sabariego authored 
5
6
 
def getInstance():
    return MFTModule()
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
7
8
9
 

class MFTModule(Module):
By design, shared vars won't exi...
2a93f649
 
Imanol-Mikel Barba Sabariego authored 
10
 
    def __init__(self):
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
11
12
 
        self.name = "mft"
        self.description = "Extracts NTFS MFT"
By design, shared vars won't exi...
2a93f649
 
Imanol-Mikel Barba Sabariego authored 
13
14
 
        self.requiredVars = ["ntfsvol"]
        self.vars = {}
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
15
16
 

    def run(self):
MFT module completed
36718063
 
Imanol-Mikel Barba Sabariego authored 
17
18
19
20
21
 
        for vol in self.vars['ntfsvol'].value:
            result = runProcess(["icat","/dev/" + vol,"0"])
            mftbin = open(tomb.getPath() + "mft/" + vol + ".bin",'wb')
            mftbin.write(result[0])
            mftbin.close()
Preliminary digger core + plugin...
40231d86
 
Imanol-Mikel Barba Sabariego authored 
22