Imanol-Mikel Barba Sabariego / gravedigger · Files

from module import Module
from runcmd import runProcess
import tomb

def getInstance():
    return MFTModule()

class MFTModule(Module):

    def __init__(self):
        self.name = "mft"
        self.description = "Extracts NTFS MFT"
        self.requiredVars = ["ntfsvol"]
        self.vars = {}

    def run(self):
        for vol in self.vars['ntfsvol'].value:
            result = runProcess(["icat","/dev/" + vol,"0"])
            mftbin = open(tomb.getPath() + "mft/" + vol + ".bin",'wb')
            mftbin.write(result[0])
            mftbin.close()