DiskAnalyzer
Description
This package implements multiple libraries and tools to parse, analyze and extract information from the disk and main partition of the live system or from a full disk file.
- Pure Python package
- Runs on a live Windows system
- Analyze MBR (Master Boot Record) and GPT (GUID Partition Table)
- List partitions
- Analyze VBR (Volume Boot Record) for NTFS partition (New Technology File System)
- Analyze MFT file and attribute (Master File Table)
- Extract MFT file
- Analyze MFT
- Extract MFT Entries
- Generate full file paths from MFT
- Extract file content from NTFS partition
- Analyze FAT32
- Extract file content from FAT32 partition
- Analyze ExFAT Boot Sector
- Repair MBR for non-bootable disk and MFT/ExFAT partitions (using disk carving)
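What the MBR analysis and partition listing in the feature list involve, as an added example that is not DiskAnalyzer's own code: a standard-library parser for the four primary partition entries of a 512-byte MBR sector, run on a constructed sector. The names `parse_mbr`, `uses_gpt` and `build_sample_mbr` are assumptions of this example.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # partition table follows the boot code
ENTRY_FORMAT = "<B3xB3xII"    # status, CHS start, type, CHS end, first LBA, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> list:
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR sector is 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, ptype, first_lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * index)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({
                "bootable": status == 0x80,
                "type": ptype,
                "type_name": TYPE_NAMES.get(ptype, "unknown"),
                "first_lba": first_lba,
                "byte_offset": first_lba * SECTOR_SIZE,  # where the VBR starts
                "size_bytes": count * SECTOR_SIZE,
            })
    return partitions


def uses_gpt(partitions: list) -> bool:
    """A 0xEE entry means the real table is the GPT header at LBA 1."""
    return any(p["type"] == 0xEE for p in partitions)


def build_sample_mbr() -> bytes:
    """Constructed sector: bootable NTFS at LBA 2048, then a FAT32 partition."""
    sector = bytearray(SECTOR_SIZE)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x0C, 206848, 102400)]
    for index, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * index, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr()))
```

The `byte_offset` of an NTFS entry is the position at which a VBR parser would start reading.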
Requirements
This package requires:
- python3
- python3 Standard Library
Installation
Pip
python3 -m pip install DiskAnalyzer
Git
git clone "https://github.com/mauricelambert/DiskAnalyzer.git"
cd "DiskAnalyzer"
python3 -m pip install .
Wget
wget https://github.com/mauricelambert/DiskAnalyzer/archive/refs/heads/main.zip
unzip main.zip
cd DiskAnalyzer-main
python3 -m pip install .
cURL
curl -L -O https://github.com/mauricelambert/DiskAnalyzer/archive/refs/heads/main.zip
unzip main.zip
cd DiskAnalyzer-main
python3 -m pip install .
Usages
Command line
DiskAnalyzer # Using CLI package executable
python3 -m DiskAnalyzer # Using python module
python3 DiskAnalyzer.pyz # Using python executable
DiskAnalyzer.exe # Using python Windows executable
NtfsAnalyzer # Using CLI package executable
python3 -m NtfsAnalyzer # Using python module
python3 NtfsAnalyzer.pyz # Using python executable
NtfsAnalyzer.exe # Using python Windows executable
MftAnalyzer # Using CLI package executable
python3 -m MftAnalyzer # Using python module
python3 MftAnalyzer.pyz # Using python executable
MftAnalyzer.exe # Using python Windows executable
Fat32Analyzer # Using CLI package executable
python3 -m Fat32Analyzer # Using python module
python3 Fat32Analyzer.pyz # Using python executable
Fat32Analyzer.exe # Using python Windows executable
MbrRepair # Using CLI package executable
python3 -m MbrRepair # Using python module
python3 MbrRepair.pyz # Using python executable
MbrRepair.exe # Using python Windows executable
ExFatAnalyzer # Using CLI package executable
python3 -m ExFatAnalyzer # Using python module
python3 ExFatAnalyzer.pyz # Using python executable
ExFatAnalyzer.exe # Using python Windows executable
# Fat32Analyzer has its own argument parser
Fat32Analyzer /path/to/fat32.img
Fat32Analyzer /path/to/fat32.img -v # verbose
# Other commands use the same argument parser:
# (only one optional argument: filepath, default: main disk file)
MbrRepair # main disk
MbrRepair /path/to/disk
DiskAnalyzer # main disk
DiskAnalyzer /path/to/disk
NtfsAnalyzer # main disk
NtfsAnalyzer /path/to/disk
MftAnalyzer # main disk
MftAnalyzer /path/to/disk
ExFatAnalyzer # main disk
ExFatAnalyzer /path/to/disk
Python script
from csv import writer, QUOTE_ALL
from DiskAnalyzer import *

# Parse the disk and print its partitions
print(disk_parsing(file_path="/path/to/disk").to_partition())

# Parse the NTFS partition: returns the open file, the VBR and the partition offset
file, vbr, ntfs_offset = ntfs_parse(file_path="/path/to/disk")

# Parse the $MFT entry, then extract the $MFT file itself
(
    file,
    mft_entry,
    mft_entry_raw_data,
    mft_entry_offset,
    mft_entry_size,
    ntfs_offset,
    cluster_size,
) = parse_mft(file_path="/path/to/disk")
file_extract(file, mft_entry, "$MFT", mft_entry_raw_data, ntfs_offset)

# Extract the SAM and SYSTEM files from the NTFS partition.
# NOTE: MftEntries.csv and FullPath.csv were generated by running DiskAnalyzer from the command line
with open(
    "MftEntries.csv", newline='', encoding="utf-8"
) as entries, open(
    "FullPath.csv", newline='', encoding="utf-8"
) as full_path, open("SAM", 'wb') as sam, open("SYSTEM", 'wb') as system:
    file_extract_from_csv(
        r'\\.\C:\.\Windows\System32\config\SAM', sam, entries, full_path, file
    )
    file_extract_from_csv(
        r'\\.\C:\.\Windows\System32\config\SYSTEM', system, entries, full_path, file
    )
file.close()

# Analyze an extracted $MFT file and write both CSV files
with open(
    "MftEntries.csv", "w", newline="", encoding="utf-8"
) as entries_file, open("$MFT", "rb") as mft, open(
    "FullPath.csv", "w", newline="", encoding="utf-8"
) as fullpath_file:
    entries_writer = writer(entries_file, quoting=QUOTE_ALL)
    fullpath_writer = writer(fullpath_file, quoting=QUOTE_ALL)
    for mft_entry, data_positions in extracted_mft_analysis(mft, entries_writer, fullpath_writer):
        pass
>>> from DiskAnalyzer.MftAnalyzer import parse_extracted_mft, get_data_positions, save_attribute, resolve_parents, file_names
>>> from csv import writer, QUOTE_ALL
>>> filename = "$MFT"
>>> with open("MftEntries.csv", "w", newline="", encoding="utf-8") as csv_file, open(filename, "rb") as mft:
...     csv_writer = writer(csv_file, quoting=QUOTE_ALL)
...     for mft_entry in parse_extracted_mft(mft):
...         data_positions = []
...         for offset, size, resident in get_data_positions(mft_entry, 0, 0):
...             data_positions.append((offset, size, "resident" if resident else "non-resident"))
...         save_attribute(csv_writer, mft_entry, mft.tell(), data_positions)
...
>>> with open("FullPath.csv", "w", newline="", encoding="utf-8") as csv_file:
...     csv_writer = writer(csv_file, quoting=QUOTE_ALL)
...     for record_sequence, name in file_names.items():
...         full_path = resolve_parents(name, record_sequence, "$MFT")
...         csv_writer.writerow(
...             [
...                 str(record_sequence[0]),
...                 str(record_sequence[1]),
...                 name,
...                 full_path,
...             ]
...         )
...
>>>
Links
- Pypi
- Github
- DiskAnalyzer - Documentation
- DiskAnalyzer - Python executable
- DiskAnalyzer - Python Windows executable
- NtfsAnalyzer - Documentation
- NtfsAnalyzer - Python executable
- NtfsAnalyzer - Python Windows executable
- MftAnalyzer - Documentation
- MftAnalyzer - Python executable
- MftAnalyzer - Python Windows executable
- Fat32Analyzer - Documentation
- Fat32Analyzer - Python executable
- Fat32Analyzer - Python Windows executable
- ExFatAnalyzer - Documentation
- ExFatAnalyzer - Python executable
- ExFatAnalyzer - Python Windows executable
- MbrRepair - Documentation
- MbrRepair - Python executable
- MbrRepair - Python Windows executable
License
Licensed under the GPL, version 3.
Source Distribution
diskanalyzer-1.0.1.tar.gz (52.1 kB)
File details
Details for the file diskanalyzer-1.0.1.tar.gz.
File metadata
- Download URL: diskanalyzer-1.0.1.tar.gz
- Upload date:
- Size: 52.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 02b44ac4a822c3619e889c38e0347ad24d4045dbe334e60a0ca39581b3537b35 |
| MD5 | df04c5fadee704affd883bc5c2c9408d |
| BLAKE2b-256 | 3dff219c55d0845965662385e9130ad514296ed37e03567520111c5e0947c752 |