Parse NTFS reparse points
Project description
parse-reparsepoint
Python program to parse out and display reparse point info present in an NTFS MFT entry
Overview
This project takes a raw NTFS image and an MFT entry number. It then:
- Finds the MFT entry corresponding to the number
- Checks if it belongs to a reparse point
- Analyzes any info it can find in regards to the reparse point
It currently has the ability to resolve the meaning of any reparse tag listed in the Microsoft documentation, and can retrieve information from the reparse data section of the following types of reparse points:
- OneDrive Cloud-only files
- Symbolic Links
- Windows Mount Points
Installation
This project can be installed with pip
using the following command:
python3 -m pip install parse-reparsepoint
Usage
usage: parse-reparsepoint [-h] -f FILE -m MFT_ENTRY
Parse reparse point
options:
-h, --help show this help message and exit
-f FILE, --file FILE Path to file
-m MFT_ENTRY, --mft-entry MFT_ENTRY MFT entry to parse
example:
parse-reparsepoint -f Windows-10-Dev.raw -m 247645
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
parse-reparsepoint-0.1.0.tar.gz
(46.2 kB
view hashes)
Built Distribution
Close
Hashes for parse_reparsepoint-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2dbc0f164a86405da7e5046e7752a72f15a84ee9d2840d1cf870b3aed498691c |
|
MD5 | 159af47d90611c2d830b94491f139dd4 |
|
BLAKE2b-256 | e329294c621c7a1604b129ed20e99f58f5472998cc47778108f74dd52fb43180 |