ntfsfind
A tool for searching file paths in an NTFS volume on a raw image file.
Usage
$ ntfsfind <query_regex> ./path/to/your/imagefile.raw
Example
$ ntfsfind '.*\.evtx' ./path/to/your/imagefile.raw
Options
--volume-num, -n: NTFS volume number (default: autodetect).
--multiprocess, -m: flag to run multiprocessing.
Installation
via PyPI
$ pip install ntfsfind
Run with Docker
https://hub.docker.com/r/sumeshi/ntfsfind
$ docker run -t --rm -v $(pwd):/app/work sumeshi/ntfsfind:latest '/\$MFT' /app/work/sample.raw
Contributing
The source code for ntfsfind is hosted on GitHub, and you may download, fork, and review it from the repository (https://github.com/sumeshi/ntfsfind).
Please report issues and feature requests. :sushi: :sushi: :sushi:
License
ntfsfind is released under the MIT License.
Powered by pytsk3.
Download files
Source Distribution
ntfsfind-2.1.0.tar.gz