mauricelambert/DiskAnalyzer
GitHub: mauricelambert/DiskAnalyzer
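A disk forensics analysis tool suite implemented in pure Python. It parses several file system structures, extracts file contents, and repairs damaged partition tables.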

# DiskAnalyzer
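## Description
This package implements several libraries and tools to parse, analyze and extract information from disks and primary partitions, either on a live system or from a full disk file.
- Pure Python package
- Runs on a live Windows system
- Analyze the MBR (Master Boot Record) and GPT (GUID Partition Table)
- List partitions
- Analyze the VBR (Volume Boot Record) of NTFS (New Technology File System) partitions
- Analyze MFT (Master File Table) files and attributes
- Extract the MFT file
- Analyze the MFT
- Extract MFT entries
- Build full file paths from the MFT
- Extract file contents from NTFS partitions
- Analyze FAT32
- Extract file contents from FAT32 partitions
- Analyze the ExFAT boot sector
- Repair the MBR and MFT/ExFAT partitions of non-bootable disks (using disk carving)
## Requirements
This package requires:
- python3
- python3 Standard Library
## Installation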
### Pip
```
python3 -m pip install DiskAnalyzer
```
### Git
```
git clone "https://github.com/mauricelambert/DiskAnalyzer.git"
cd "DiskAnalyzer"
python3 -m pip install .
```
### Wget
```
wget https://github.com/mauricelambert/DiskAnalyzer/archive/refs/heads/main.zip
unzip main.zip
cd DiskAnalyzer-main
python3 -m pip install .
```
### cURL
```
curl -L -O https://github.com/mauricelambert/DiskAnalyzer/archive/refs/heads/main.zip
unzip main.zip
cd DiskAnalyzer-main
python3 -m pip install .
```
## Usage
### Command line
```
DiskAnalyzer # Using CLI package executable
python3 -m DiskAnalyzer # Using python module
python3 DiskAnalyzer.pyz # Using python executable
DiskAnalyzer.exe # Using python Windows executable
NtfsAnalyzer # Using CLI package executable
python3 -m NtfsAnalyzer # Using python module
python3 NtfsAnalyzer.pyz # Using python executable
NtfsAnalyzer.exe # Using python Windows executable
MftAnalyzer # Using CLI package executable
python3 -m MftAnalyzer # Using python module
python3 MftAnalyzer.pyz # Using python executable
MftAnalyzer.exe # Using python Windows executable
Fat32Analyzer # Using CLI package executable
python3 -m Fat32Analyzer # Using python module
python3 Fat32Analyzer.pyz # Using python executable
Fat32Analyzer.exe # Using python Windows executable
MbrRepair # Using CLI package executable
python3 -m MbrRepair # Using python module
python3 MbrRepair.pyz # Using python executable
MbrRepair.exe # Using python Windows executable
ExFatAnalyzer # Using CLI package executable
python3 -m ExFatAnalyzer # Using python module
python3 ExFatAnalyzer.pyz # Using python executable
ExFatAnalyzer.exe # Using python Windows executable
# Fat32Analyzer has its own argument parser
Fat32Analyzer /path/to/fat32.img
Fat32Analyzer /path/to/fat32.img -v # verbose
# The other commands share the same argument parser:
# (a single optional argument: filepath, default: the main disk file)
MbrRepair # main disk
MbrRepair /path/to/disk
DiskAnalyzer # main disk
DiskAnalyzer /path/to/disk
NtfsAnalyzer # main disk
NtfsAnalyzer /path/to/disk
MftAnalyzer # main disk
MftAnalyzer /path/to/disk
ExFatAnalyzer # main disk
ExFatAnalyzer /path/to/disk
```
### Python script
```
from DiskAnalyzer import *

# List the partitions described by the MBR/GPT
print(disk_parsing(file_path="/path/to/disk").to_partition())

# Parse the NTFS Volume Boot Record
file, vbr, ntfs_offset = ntfs_parse(file_path="/path/to/disk")

# Parse the first MFT entry ($MFT itself)
(
    file,
    mft_entry,
    mft_entry_raw_data,
    mft_entry_offset,
    mft_entry_size,
    ntfs_offset,
    cluster_size,
) = parse_mft(file_path="/path/to/disk")

# Extract the $MFT file from the NTFS partition
file_extract(file, mft_entry, "$MFT", mft_entry_raw_data, ntfs_offset)

# NOTE: MftEntries.csv and FullPath.csv were generated by running
# DiskAnalyzer from the command line
with open(
    "MftEntries.csv", newline='', encoding="utf-8"
) as entries, open(
    "FullPath.csv", newline='', encoding="utf-8"
) as full_path, open("SAM", 'wb') as sam, open("SYSTEM", 'wb') as system:
    # Extract the SAM and SYSTEM registry hives by their full path
    file_extract_from_csv(
        r'\\.\C:\.\Windows\System32\config\SAM', sam, entries, full_path, file
    )
    file_extract_from_csv(
        r'\\.\C:\.\Windows\System32\config\SYSTEM', system, entries, full_path, file
    )

file.close()
```
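The description lists MBR repair "using disk carving"; the sketch below shows one way such carving can work and is an added example, not DiskAnalyzer's own code. It assumes 512-byte sectors, and `carve_volumes`, `rebuild_partition_table` and the constructed sample image are hypothetical names introduced here.

```python
import struct

SECTOR = 512  # assumed logical sector size

def carve_volumes(image):
    """Scan every sector for an NTFS/exFAT boot sector; return (fs, start_lba, sectors)."""
    found, total = [], len(image) // SECTOR
    for lba in range(total):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sec[510:512] != b"\x55\xaa":          # boot signature
            continue
        if sec[3:11] == b"NTFS    ":
            # 0x28 = total sectors of the volume; the backup boot sector
            # follows it, so the partition is one sector longer.
            fs, count = "NTFS", struct.unpack_from("<Q", sec, 0x28)[0] + 1
        elif sec[3:11] == b"EXFAT   ":
            fs, count = "exFAT", struct.unpack_from("<Q", sec, 0x48)[0]  # VolumeLength
        else:
            continue
        if count == 0 or lba + count > total:    # size does not fit the disk
            continue
        # Ignore boot-sector copies inside a volume already found
        # (NTFS backup in the last sector, exFAT backup at sector 12).
        if found and lba < found[-1][1] + found[-1][2]:
            continue
        found.append((fs, lba, count))
    return found

def rebuild_partition_table(volumes):
    """Build the 64-byte MBR partition table (offset 446) for up to four volumes."""
    chs = b"\xfe\xff\xff"                        # CHS unused, LBA addressing only
    entries = [struct.pack("<B3sB3sII", 0, chs, 0x07, chs, lba, count)
               for _fs, lba, count in volumes[:4]]  # 0x07 = NTFS/exFAT type
    return b"".join(entries).ljust(64, b"\x00")

def _boot(oem, offset, value):
    sec = bytearray(SECTOR)
    sec[3:11] = oem
    struct.pack_into("<Q", sec, offset, value)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

def sample_image():
    """Constructed 64-sector image: blank MBR, NTFS at LBA 8, exFAT at LBA 32."""
    img = bytearray(64 * SECTOR)
    ntfs, exfat = _boot(b"NTFS    ", 0x28, 15), _boot(b"EXFAT   ", 0x48, 24)
    for lba, sec in ((8, ntfs), (23, ntfs), (32, exfat), (44, exfat)):
        img[lba * SECTOR:(lba + 1) * SECTOR] = sec
    return bytes(img)
```

The overlap check is what keeps the NTFS and exFAT backup boot sectors from being reported as extra partitions.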
## Links
- [Pypi](https://pypi.org/project/DiskAnalyzer)
- [Github](https://github.com/mauricelambert/DiskAnalyzer)
- [DiskAnalyzer - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/DiskAnalyzer.html)
- [DiskAnalyzer - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/DiskAnalyzer.pyz)
- [DiskAnalyzer - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/DiskAnalyzer.exe)
- [NtfsAnalyzer - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/NtfsAnalyzer.html)
- [NtfsAnalyzer - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/NtfsAnalyzer.pyz)
- [NtfsAnalyzer - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/NtfsAnalyzer.exe)
- [MftAnalyzer - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MftAnalyzer.html)
- [MftAnalyzer - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MftAnalyzer.pyz)
- [MftAnalyzer - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MftAnalyzer.exe)
- [Fat32Analyzer - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/Fat32Analyzer.html)
- [Fat32Analyzer - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/Fat32Analyzer.pyz)
- [Fat32Analyzer - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/Fat32Analyzer.exe)
- [ExFatAnalyzer - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/ExFatAnalyzer.html)
- [ExFatAnalyzer - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/ExFatAnalyzer.pyz)
- [ExFatAnalyzer - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/ExFatAnalyzer.exe)
- [MbrRepair - Documentation](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MbrRepair.html)
- [MbrRepair - Python executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MbrRepair.pyz)
- [MbrRepair - Python Windows executable](https://mauricelambert.github.io/info/python/security/DiskAnalyzer/MbrRepair.exe)
## License
Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).