Open patatetom opened 6 years ago
williballenthin
commented
6 years ago analyzeMFT is written in python2 and does not support python3. there are a number of python3 incompatibilities (relative imports, print statements, etc.) that would need to be fixed even before regression testing happens. while it appears to install ok via pip3, you should not attempt to use it.
eddsalkield
commented
4 years ago I have forked the project and converted it to python3. This should work for your use case.
kovar-ursa
commented
4 years ago Thank you both. It would probably make sense to make that fork the "official" version.
eddsalkield
commented
4 years ago You can find it packaged at the PyPi, as analyzeMFT3.
joachimmetz
commented
4 years ago @dkovar what is the status of this? are you planning to merge the python3 changes back into this git repo? or has the "official" repo for analyzeMFT changed?
joachimmetz
commented
4 years ago @eddsalkield since analyzeMFT3 has no separate issue tracker
python3 -V
Python 3.7.6
PYTHONPATH=analyzeMFT3 python3 analyzeMFT3/analyzeMFT.py -f MFT.bin -b bodyfile --bodyfull -d
...
Traceback (most recent call last):
File "analyzeMFT3/analyzeMFT.py", line 12, in <module>
session.process_mft_file()
File "analyzeMFT3/analyzemft/mftsession.py", line 189, in process_mft_file
self.build_filepaths()
File "analyzeMFT3/analyzemft/mftsession.py", line 281, in build_filepaths
record = mft.parse_record(raw_record, self.options)
File "analyzeMFT3/analyzemft/mft.py", line 70, in parse_record
atr_record = decode_atr_header(raw_record[read_ptr:])
File "analyzeMFT3/analyzemft/mft.py", line 598, in decode_atr_header
d = {'type': struct.unpack("<L", s[:4])[0]}
TypeError: a bytes-like object is required, not 'str'
dkovar
commented
4 years ago I have not touched this project in many years and, alas, have no plans for it. I'm happy to turn it over to someone else if there is interest.
joachimmetz
commented
4 years ago @eddsalkield are you planning to continue the python 3 version of this project?
@dkovar it is unfortunate that this project has been abandoned, can you add some note to the README that this project is no longer actively maintained?
eddsalkield
commented
4 years ago Unfortunately I do not intend to continue the python3 version of the project, as I no longer use this utility.
joachimmetz
commented
4 years ago Ack, as requested before, mention something about the unmaintained status in the readme file.
kovar-ursa
commented
4 years ago From the README.
=========== STATUS
This project was my passion and my vehicle for exploring digital forensics for many years as well as a means for giving back to a community that gave me so much.
Unfortunately, I am no doing forensics on Windows filesystems and am not contributing to this project anymore. If someone else wishes to adopt it, please let me know.
David Kovar CEO, URSA Inc. Email: dkovar@ursasecure.com Cell: 650-278-1774
On Mar 22, 2020, at 4:22 AM, Joachim Metz notifications@github.com wrote:
Ack, as requested before, mention something about the unmaintained status in the readme file.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-602163976, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVYVEQH6C7ZL7SEBPZOZELRIXDF5ANCNFSM4DSDWBRA.
joachimmetz
commented
4 years ago @kovar-ursa, ack thx, for updating it, I was mainly referring to @eddsalkield his update, the analyzeMFT3 README does not indicate the project is not maintained either https://github.com/eddsalkield/analyzeMFT3/blob/master/README.txt
eddsalkield
commented
3 years ago Thanks for the mention. I have modified the README to make it clear that my fork is unmaintained.
hi,
python2 and python3 may be installed together...