mft.py
809 Bytes
import os
import logger
import tomb
from modules.module import Module
from runcmd import runProcess
def getInstance():
return MFTModule()
class MFTModule(Module):
def __init__(self):
self.name = "mft"
self.description = "Extracts NTFS MFT"
self.requiredVars = ["ntfsvol"]
self.vars = {}
def run(self):
path = tomb.getPath() + self.name + "/"
if(not os.path.exists(path)):
os.mkdir(path)
logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)
for vol in self.vars['ntfsvol'].value:
result,code = runProcess(["icat","/dev/" + vol,"0"])
mftbin = open(path + vol + ".bin",'wb')
mftbin.write(result)
mftbin.close()