Parse NTFS reparse points

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stolenfootball from gravatar.com stolenfootball

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc...)
  • Author: Jeremy Dunn
  • Tags ntfs , reparse point , parse , reparsepoint , onedrive
  • Requires: Python >=3.6.0
Classifiers
Report project as malware

Project description

parse-reparsepoint

Python program to parse out and display reparse point info present in an NTFS MFT entry

Overview

This project takes a raw NTFS image and an MFT entry number. It then:

  • Finds the MFT entry corresponding to the number
  • Checks if it belongs to a reparse point
  • Analyzes any info it can find in regards to the reparse point

It currently has the ability to resolve the meaning of any reparse tag listed in the Microsoft documentation, and can retrieve information from the reparse data section of the following types of reparse points:

  • OneDrive Cloud-only files
  • Symbolic Links
  • Windows Mount Points

Installation

This project can be installed with pip using the following command: python3 -m pip install parse-reparsepoint

Usage

usage: parse-reparsepoint [-h] -f FILE -m MFT_ENTRY

Parse reparse point

options:
  -h, --help                               show this help message and exit
  -f FILE, --file FILE                     Path to file
  -m MFT_ENTRY, --mft-entry MFT_ENTRY      MFT entry to parse

example:
  parse-reparsepoint -f Windows-10-Dev.raw -m 247645

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for stolenfootball from gravatar.com stolenfootball

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 or later (GPLv3+) (GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc...)
  • Author: Jeremy Dunn
  • Tags ntfs , reparse point , parse , reparsepoint , onedrive
  • Requires: Python >=3.6.0
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

parse-reparsepoint-0.1.0.tar.gz (46.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

parse_reparsepoint-0.1.0-py3-none-any.whl (34.0 kB view details)

Uploaded Python 3

File details

Details for the file parse-reparsepoint-0.1.0.tar.gz.

File metadata

  • Download URL: parse-reparsepoint-0.1.0.tar.gz
  • Upload date:
  • Size: 46.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.12

File hashes

Hashes for parse-reparsepoint-0.1.0.tar.gz
Algorithm Hash digest
SHA256 ffbf078eeee41052008f93885f3aac166b6d78051aab81217779a7e9b410c141
MD5 548c285d5934002ac1e268214da1d5b0
BLAKE2b-256 951dde04582878efa2e68d1816ef3a9a706120797030810f92eb023d67342058

See more details on using hashes here.

File details

Details for the file parse_reparsepoint-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for parse_reparsepoint-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2dbc0f164a86405da7e5046e7752a72f15a84ee9d2840d1cf870b3aed498691c
MD5 159af47d90611c2d830b94491f139dd4
BLAKE2b-256 e329294c621c7a1604b129ed20e99f58f5472998cc47778108f74dd52fb43180

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page