ntrprtr configurations for forensic analysis of file systems
Description
ntrprtr configurations for forensic analysis of file systems
Installation
pip install ntrprtr_fs_forensics
Usage
Shell:
General
Option | Short | Type | Default | Description |
---|---|---|---|---|
--mode | -m | String | - | copy = Create a local copy of file system forensics configuration files |
mode = copy
Option | Short | Type | Default | Description |
---|---|---|---|---|
--path | -p | String | "" | Path for local copy of ntrprtr configuration files |
Example
To use these configuration files, install ntrprtr and ntrprtr_fs_forensics:
pip install ntrprtr
pip install ntrprtr_fs_forensics
To use the files, create a local copy:
python -m ntrprtr_fs_forensics -m copy -p .
It creates the following structure:
./ntrprtr-fsf-config
│
├───ext
│       ext-group-descriptor-table.json
│       ext-inode.json
│       ext-super-block.json
│
├───fat
│       fat-directory-entry.json
│       fat-fs-info.json
│       fat-long-filename.json
│       fat-vbr-fat1216.json
│       fat-vbr-fat32.json
│       fat-vbr-type.json
│       fat-vbr.json
│
├───gpt
│       gpt-entry.json
│       gpt-header.json
│
├───mbr
│       mbr.json
│
└───ntfs
        ntfs-attribute-file-name.json
        ntfs-attribute-header-general.json
        ntfs-attribute-header-non-resident.json
        ntfs-attribute-header-resident.json
        ntfs-attribute-standard-information.json
        ntfs-mft-entry-header.json
        ntfs-vbr.json
Now use the config as input for ntrprtr:
python -m ntrprtr -m interpret -p dir-entry.bin -c ./ntrprtr-fsf-config/fat/fat-directory-entry.json -r result.txt
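To cross-check the interpreted result for a file such as dir-entry.bin, the following added example (not part of ntrprtr or ntrprtr_fs_forensics, and not using their configuration format) decodes one 32-byte FAT short directory entry with the standard field layout. The function names, the cp437 OEM code page and the sample bytes are assumptions made for this illustration.

```python
import struct

# Standard 32-byte FAT short (8.3) directory entry, little-endian:
# name, ext, attr, NT reserved, create 10ms, create time/date, access date,
# first cluster high, write time/date, first cluster low, file size.
ENTRY = struct.Struct("<8s3sBBBHHHHHHHI")
ATTRS = {0x01: "READ_ONLY", 0x02: "HIDDEN", 0x04: "SYSTEM",
         0x08: "VOLUME_ID", 0x10: "DIRECTORY", 0x20: "ARCHIVE"}

def fat_datetime(date, time=None):
    """Decode the packed FAT date (and optional time) word; None if unset."""
    if date == 0:
        return None
    text = f"{1980 + (date >> 9):04d}-{(date >> 5) & 0x0F:02d}-{date & 0x1F:02d}"
    if time is not None:  # seconds are stored with 2-second resolution
        text += f" {time >> 11:02d}:{(time >> 5) & 0x3F:02d}:{(time & 0x1F) * 2:02d}"
    return text

def parse_dir_entry(raw):
    """Parse one short directory entry into a dict of decoded fields."""
    if len(raw) != ENTRY.size:
        raise ValueError(f"expected {ENTRY.size} bytes, got {len(raw)}")
    (name, ext, attr, _nt, _tenth, ctime, cdate, adate,
     clus_hi, wtime, wdate, clus_lo, size) = ENTRY.unpack(raw)
    if name[0] == 0x00:
        return {"state": "unused"}          # never allocated, end of directory
    if attr & 0x3F == 0x0F:
        return {"state": "long-filename"}   # LFN entries use another layout
    deleted = name[0] == 0xE5               # first byte is overwritten on delete
    if deleted:
        name = b"?" + name[1:]              # original first character is lost
    # Assumption: names are in the cp437 OEM code page.
    base, suffix = name.decode("cp437").rstrip(), ext.decode("cp437").rstrip()
    return {
        "state": "deleted" if deleted else "allocated",
        "name": f"{base}.{suffix}" if suffix else base,
        "attributes": [label for bit, label in ATTRS.items() if attr & bit],
        "created": fat_datetime(cdate, ctime),
        "modified": fat_datetime(wdate, wtime),
        "accessed": fat_datetime(adate),    # this field stores a date only
        "first_cluster": (clus_hi << 16) | clus_lo,  # high word is 0 on FAT12/16
        "size": size,
    }

# Constructed sample: a deleted archive file, 1234 bytes, first cluster 5.
SAMPLE = ENTRY.pack(b"\xe5EPORT  ", b"TXT", 0x20, 0, 0, 29637, 22127,
                    22127, 0, 29637, 22127, 5, 1234)

if __name__ == "__main__":
    for key, value in parse_dir_entry(SAMPLE).items():
        print(f"{key:14}{value}")
```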
License
MIT
Download files
Source Distribution
ntrprtr_fs_forensics-1.0.0.tar.gz (14.9 kB)
Built Distribution
ntrprtr_fs_forensics-1.0.0-py3-none-any.whl