Imanol-Mikel Barba Sabariego / gravedigger · Files

import os

import logger
import tomb
from modules.module import Module
from runcmd import runProcess

def getInstance():
    return MFTModule()

class MFTModule(Module):

    def __init__(self):

        self.name = "mft"
        self.description = "Extracts NTFS MFT"

        self.requiredVars = ["ntfsvol"]
        self.vars = {}

    def execute(self):

        path = tomb.getPath() + self.name + "/"

        if(not os.path.exists(path)):
            os.mkdir(path)

            logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)

        for vol in self.vars['ntfsvol'].value:

            result,code = runProcess(["icat","/dev/" + vol,"0"])

            mftbin = open(path + vol + ".bin",'wb')

            mftbin.write(result)

            mftbin.close()