AnalyzeMFT
Description
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.
Installation
If you don't already have pip, install it with the following command:
$ sudo aptitude install python-pip
Install analyzeMFT with pip:
$ sudo pip install analyzeMFT
Usage
Syntax
Usage: analyzeMFT.py [options]
Options
- -h, --help: show this help message and exit
- -v, --version: report version and exit
- -f FILE, --file=FILE: read MFT from FILE
- -o FILE, --output=FILE: write results to FILE
- -a, --anomaly: turn on anomaly detection
- -b FILE, --bodyfile=FILE: write MAC information to bodyfile
- --bodystd: Use STD_INFO timestamps for body file rather than FN timestamps
- --bodyfull: Use full path name + filename rather than just filename
- -c FILE, --csvtimefile=FILE: write CSV format timeline file
- -l, --localtz: report times using local timezone
- -d, --debug: turn on debugging output
- -s, --saveinmemory: Save a copy of the decoded MFT in memory. Do not use for very large MFTs
- -p, --progress: Show systematic progress reports.
Example
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.