ntfsfind
A tool for searching file paths in an NTFS volume on a raw image file.
Usage
$ ntfsfind <query_regex> ./path/to/your/imagefile.raw
Example
$ ntfsfind '.*\.evtx' ./path/to/your/imagefile.raw
Options
--volume-num, -n:
NTFS volume number (default 2, because volume 1 is the recovery partition).
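Before choosing a value for --volume-num, it helps to know which partitions of the image actually hold NTFS. The following added example (not part of ntfsfind; `ntfs_partitions` and `build_sample` are hypothetical helper names) reads the MBR of a raw image and reports the slots whose boot sector carries the NTFS OEM ID. It covers MBR disks only and assumes that volume numbers follow partition-table order starting at 1, which this page does not state.

```python
import io
import struct

SECTOR = 512
NTFS_OEM_ID = b"NTFS    "  # bytes 3..10 of an NTFS boot sector


def ntfs_partitions(img):
    """Return [(slot, start_lba, sectors)] for MBR partitions holding NTFS."""
    img.seek(0)
    mbr = img.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no MBR signature (0x55AA)")
    found = []
    for slot in range(4):
        entry = mbr[446 + 16 * slot:462 + 16 * slot]
        ptype = entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0xEE:
            raise ValueError("protective MBR: GPT disk, not handled here")
        if ptype == 0 or sectors == 0:
            continue
        # The type byte is unreliable (0x07 is shared with exFAT, 0x27 is a
        # hidden recovery partition), so check the boot sector itself.
        img.seek(start_lba * SECTOR)
        if img.read(SECTOR)[3:11] == NTFS_OEM_ID:
            found.append((slot + 1, start_lba, sectors))
    return found


def build_sample():
    """Constructed image: slot 1 hidden NTFS (0x27), slot 2 NTFS, slot 3 FAT32."""
    disk = bytearray(SECTOR * 8)
    layout = [(0x27, 1, 2, NTFS_OEM_ID), (0x07, 3, 2, NTFS_OEM_ID),
              (0x0C, 5, 2, b"MSDOS5.0")]
    for slot, (ptype, lba, sectors, oem) in enumerate(layout):
        struct.pack_into("<B3sB3sII", disk, 446 + 16 * slot,
                         0, b"", ptype, b"", lba, sectors)
        disk[lba * SECTOR + 3:lba * SECTOR + 11] = oem
    disk[510:512] = b"\x55\xaa"
    return io.BytesIO(bytes(disk))


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else build_sample()
    for slot, lba, sectors in ntfs_partitions(src):
        print(f"slot {slot}: NTFS at LBA {lba}, {sectors} sectors")
```

Run without arguments it uses the constructed sample; given a path, it opens that raw image read-only.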
Installation
via PyPI
$ pip install ntfsfind
Run with Docker
https://hub.docker.com/r/sumeshi/ntfsfind
$ docker run -t --rm -v $(pwd):/app/work sumeshi/ntfsfind:latest '/\$MFT' /app/work/sample.raw
Contributing
The source code for ntfsfind is hosted on GitHub, and you may download, fork, and review it from this repository (https://github.com/sumeshi/ntfsfind).
Please report issues and feature requests. :sushi: :sushi: :sushi:
License
ntfsfind is released under the MIT License.
Powered by pytsk3.
Download files
Source Distribution: ntfsfind-2.0.0.tar.gz (3.4 kB)