analyzeMFT-2.0.19-1.fc25.x86_64.rpm


Advertisement

Description

analyzeMFT - analyzeMFT

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools x86_64
Package name analyzeMFT
Package version 2.0.19
Package release 1.fc25
Package architecture x86_64
Package type rpm
Installed size 85.82 KB
Download size 33.81 KB
Official Mirror forensics.cert.org
analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem
and present the results as accurately as possible in multiple formats.

Alternatives

Package Version Architecture Repository
analyzeMFT-2.0.19.1-1.fc25.i686.rpm 2.0.19.1 i686 CERT Forensics Tools
analyzeMFT-2.0.19.1-1.fc25.x86_64.rpm 2.0.19.1 x86_64 CERT Forensics Tools
analyzeMFT-2.0.19-1.fc25.i686.rpm 2.0.19 i686 CERT Forensics Tools
analyzeMFT - - -

Requires

Name Value
/usr/bin/python -
python(abi) = 2.7

Provides

Name Value
analyzeMFT = 2.0.19-1.fc25
analyzeMFT(x86-64) = 2.0.19-1.fc25
python2.7dist(analyzemft) = 2.0.19
python2dist(analyzemft) = 2.0.19

Download

Type URL
Binary Package analyzeMFT-2.0.19-1.fc25.x86_64.rpm
Source Package analyzeMFT-2.0.19-1.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-25.rpm
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install analyzeMFT rpm package:
    # dnf --enablerepo=forensics install analyzeMFT

Files

Path
/usr/bin/analyzeMFT
/usr/bin/analyzeMFT.py
/usr/lib/python2.7/site-packages/analyzeMFT-2.0.19-py2.7.egg-info
/usr/lib/python2.7/site-packages/analyzemft/__init__.py
/usr/lib/python2.7/site-packages/analyzemft/__init__.pyc
/usr/lib/python2.7/site-packages/analyzemft/__init__.pyo
/usr/lib/python2.7/site-packages/analyzemft/bitparse.py
/usr/lib/python2.7/site-packages/analyzemft/bitparse.pyc
/usr/lib/python2.7/site-packages/analyzemft/bitparse.pyo
/usr/lib/python2.7/site-packages/analyzemft/mft.py
/usr/lib/python2.7/site-packages/analyzemft/mft.pyc
/usr/lib/python2.7/site-packages/analyzemft/mft.pyo
/usr/lib/python2.7/site-packages/analyzemft/mftsession.py
/usr/lib/python2.7/site-packages/analyzemft/mftsession.pyc
/usr/lib/python2.7/site-packages/analyzemft/mftsession.pyo
/usr/lib/python2.7/site-packages/analyzemft/mftutils.py
/usr/lib/python2.7/site-packages/analyzemft/mftutils.pyc
/usr/lib/python2.7/site-packages/analyzemft/mftutils.pyo

Changelog

2016-05-27 - Lawrence R. Rogers <lrr@cert.org> - 2.0.19-1
- Release 2.0.19
v2.0.19,05/27/2016 - (Contributed by lespea)
- Properly deal with fncnt findings > 3
- Allow the user to use either windows or unix path seperators
- General code cleanup
2016-05-27 - Lawrence R. Rogers <lrr@cert.org> - 2.0.18-1
- Release 2.0.18
v2.0.18,05/24/2015 - Versioning hack
2016-05-24 - Lawrence R. Rogers <lrr@cert.org> - 2.0.17-1
- Release 2.0.17
v2.0.17,05/23/2015 - Versioning hack
2016-05-21 - Lawrence R. Rogers <lrr@cert.org> - 2.0.16-1
- Release 2.0.16
v2.0.16,05/21/2015 - Documentation fix and attribute fixes based on NTFS version with thanks to Joachim Metz
2015-02-08 - Lawrence R. Rogers <lrr@cert.org> - 2.0.15-1
- Release 2.0.15
v2.0.15,02/08/2015 - fix 2's complement computation (Willi)
- Added anomaly detection back in. Missing since V2.0.0 in the summer of 2013
2014-10-24 - Lawrence R. Rogers <lrr@cert.org> - 2.0.14-1
- Release 2.0.14
v2.0.14,11/24/2014 - Fixing directory structure.
2014-03-15 - Lawrence R. Rogers <lrr@cert.org> - 2.0.12-1
- Release 2.0.12
v2.0.12,03/15/2014 -- (Contributed by Brice) Added -e, --excel switch to print date/times in format that will
cause Excel to import them properly.
2013-10-04 - Lawrence R. Rogers <lrr@cert.org> - 2.0.11-1
- Release 2.0.11
Initial release to the CERT Linux Repository

See Also

Package Description
apfs-fuse-20180303-1.fc25.x86_64.rpm A read-only FUSE driver for the new Apple File System
apfs-fuse-20180424-1.fc25.x86_64.rpm A read-only FUSE driver for the new Apple File System
apfs-fuse-20180604-1.fc25.x86_64.rpm A read-only FUSE driver for the new Apple File System
apfs-fuse-20180604-2.fc25.x86_64.rpm A read-only FUSE driver for the new Apple File System
apfs-fuse-20180720-1.fc25.x86_64.rpm A read-only FUSE driver for the new Apple File System
artifacts-20161022-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
artifacts-20170727-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
artifacts-20171107-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
artifacts-20180115-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
artifacts-20180505-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
artifacts-20180628-1.fc25.x86_64.rpm artifacts - knowledge base of forensic artifacts
ataraw-0.2.1-1.fc25.x86_64.rpm Linux user-level ATA raw command utility
autopsy-2.24-1.fc25.noarch.rpm Autopsy Forensic Browser
bencode-1.0-1.fc25.noarch.rpm The BitTorrent bencode module as light-weight, standalone package
bencode-2.0.0-1.fc25.noarch.rpm The BitTorrent bencode module as light-weight, standalone package
Advertisement
Advertisement