SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

analyzeMFT rpm build for : OpenSuSE. For other distributions click analyzeMFT.

Name : analyzeMFT
Version : 2.0.4 Vendor : openSUSE
Release : 4.3 Date : 2016-10-02 10:31:00
Group : Development/Libraries/Python Source RPM : analyzeMFT-2.0.4-4.3.src.rpm
Size : 0.08 MB
Packager : http://bugs_opensuse_org
Summary : A Python tool to deconstruct the Windows NTFS $MFT file
Description :
analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in a format that allows further analysis with other tools. At present, it parses the attributes from a $MFT file to produce the following output:

Record Number
Good - if the entry is valid
Active - if the entry is active
Record type - the type of record
Record Sequence - the sequence number for the record
Parent Folder Record Number
Parent Folder Sequence Number
For the standard information attribute:
Creation date
Modification date
Access date
Entry date
For up to four file name records:
File name
Creation date
Modification date
Access date
Entry date
Object ID
Birth Volume ID
Birth Object ID
Birth Domain ID
And flags to show if each of the following attributes is present:
Standard Information, Attribute List, Filename, Object ID, Volume Name, Volume Info, Data, Index Root, Index Allocation, Bitmap, Reparse Point, EA Information, EA, Property Set, Logged Utility Stream
Notes/Log - Field used to log any significant events or observations relating to this record
std-fn-shift - Populated if anomaly detection is turned on. Y/N. Y indicates that the FN create date is later than the STD create date.
usec-zero - Populated if anomaly detection is turned on. Y/N. Y indicates that the STD create date\'s microsecond value is zero.

For each entry in the MFT a record is written to an output file in CSV format.

Major contributions from Matt Sabourin.

RPM found in directory: /mirror/ftp.opensuse.org/ports/aarch64/distribution/leap/42.2/repo/oss/suse/noarch

Content of RPM  Changelog  Provides Requires

Download
ftp.pbone.net  analyzeMFT-2.0.4-4.3.noarch.rpm
ftp.pbone.net  analyzeMFT-2.0.4-4.3.noarch.rpm
     

Provides :
analyzeMFT

Requires :
/usr/bin/python
rpmlib(CompressedFileNames) <= 3.0.4-1
python
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
python(abi) = 2.7
rpmlib(PayloadIsLzma) <= 4.4.6-1
python-tk


Content of RPM :
/usr/bin/analyzeMFT.py
/usr/lib/python2.7/site-packages/analyzeMFT-2.0.4-py2.7.egg-info
/usr/lib/python2.7/site-packages/analyzemft
/usr/lib/python2.7/site-packages/analyzemft/__init__.py
/usr/lib/python2.7/site-packages/analyzemft/__init__.pyc
/usr/lib/python2.7/site-packages/analyzemft/mft.py
/usr/lib/python2.7/site-packages/analyzemft/mft.pyc
/usr/lib/python2.7/site-packages/analyzemft/mftsession.py
/usr/lib/python2.7/site-packages/analyzemft/mftsession.pyc
/usr/lib/python2.7/site-packages/analyzemft/mftutils.py
/usr/lib/python2.7/site-packages/analyzemft/mftutils.pyc
/usr/lib/python2.7/site-packages/analyzemft/test
/usr/lib/python2.7/site-packages/analyzemft/test/__init__.py
/usr/lib/python2.7/site-packages/analyzemft/test/__init__.pyc
/usr/share/doc/packages/analyzeMFT
/usr/share/doc/packages/analyzeMFT/CHANGES.txt
/usr/share/doc/packages/analyzeMFT/LICENSE.txt
/usr/share/doc/packages/analyzeMFT/README.txt