A tool for exporting any files from an NTFS volume on a Raw Image file.
Project description
ntfsdump
Usage
$ ntfsdump <dump_target_winpath> --output-path <output_path> ./path/to/your/imagefile.raw
Example
The target path can be either a single file or a directory. If it is a directory, the files beneath it are dumped recursively.
$ ntfsdump /Windows/System32/winevt/Logs -o ./dump ./path/to/your/imagefile.raw
Options
--volume-num, -n:
NTFS volume number (default: 2, because volume 1 is the recovery partition).
--output-path, -o:
Output directory or file path.
If the target path is a directory, the directory specified by --output-path is created and the target files are dumped under it.
Otherwise, the file is dumped with the file name specified in --output-path.
Required Software
This software requires The Sleuth Kit.
https://www.sleuthkit.org/sleuthkit/
$ brew install sleuthkit
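To check which number to pass to --volume-num for a given image, the partition table can be listed with mmls from The Sleuth Kit. The following is an added example, not part of ntfsdump: it parses mmls output and numbers the NTFS-like partitions from 1 in table order. That numbering scheme, the "largest partition" heuristic and the function names are assumptions, and the sample output is constructed.

```python
import re

# Constructed sample of `mmls imagefile.raw` output (not from a real case).
SAMPLE_MMLS = """\
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0001126399   0001124352   NTFS / exFAT (0x07)
003:  000:001   0001126400   0125827071   0124700672   NTFS / exFAT (0x07)
"""

ROW = re.compile(r"^\d{3}:\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")
SECTOR = re.compile(r"Units are in (\d+)-byte sectors")


def list_ntfs_volumes(mmls_text):
    """Return NTFS-like partitions in table order, numbered from 1 (assumed scheme)."""
    m = SECTOR.search(mmls_text)
    sector_size = int(m.group(1)) if m else 512
    volumes = []
    for line in mmls_text.splitlines():
        row = ROW.match(line)
        if not row or row.group(1) in ("Meta", "-------"):
            continue  # header text, table metadata, or an unallocated gap
        _slot, start, _end, length, desc = row.groups()
        # MBR type 0x07 shows as "NTFS / exFAT"; GPT shows "Basic data partition".
        if "NTFS" not in desc and "Basic data partition" not in desc:
            continue
        volumes.append({"volume_num": len(volumes) + 1, "start_sector": int(start),
                        "size_bytes": int(length) * sector_size, "description": desc})
    return volumes


def pick_volume_num(volumes):
    """Assumed heuristic: the largest candidate is the Windows system volume."""
    if not volumes:
        raise ValueError("no NTFS-like partition found in mmls output")
    return max(volumes, key=lambda v: v["size_bytes"])["volume_num"]


if __name__ == "__main__":
    vols = list_ntfs_volumes(SAMPLE_MMLS)
    print(vols, "suggested --volume-num:", pick_volume_num(vols))
```

On the constructed table the small first partition is numbered 1 and the large second one 2, which matches the default described above; confirm the result against the real mmls output for your image before dumping.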
Installation
via pip
$ pip install ntfsdump
The source code for ntfsdump is hosted on GitHub, and you may download, fork, and review it from this repository (https://github.com/sumeshi/ntfsdump).
Please report issues and feature requests. :sushi: :sushi: :sushi:
License
ntfsdump is released under the MIT License.
Powered by The Sleuth Kit.
Download files
Source Distribution: ntfsdump-1.0.3.tar.gz (4.3 kB)