Merge pull request #126 from rowingdude/development

AsyncIO rewrite

Author: rowingdude

.gitignore

@@ -331,4 +331,5 @@ tags
 .history/
 
 # Built Visual Studio Code Extensions
-*.vsix
+*.vsix
+test1.csv

CHANGES.md

@@ -3,19 +3,33 @@
 
 This document lists the changes and version history for the AnalyzeMFT script and component scripts.
 
+## Version 3.0.1 (2024-09-03)
+
+### Changes
+- Implementing asyncio for improved performance and responsiveness.
+- Handles potential issues with asyncio on different platforms, especially Windows.
+- Added the ability to compute and include various hash types (MD5, SHA256, SHA512, CRC32) optionally.
+
+### Fixes
+- Now uses a more robust method to build file paths, handling edge cases like root directory and orphaned files.
+- Set all relevant data, including optional hash information, to be correctly written to the CSV file.
+
+### Upcoming additions:
+
+- Granular processing of each attribute type, file type, etc found in Constants.py (3.0.2)
+- Readmission of file export types other than CSV - XML, JSON, Excel, etc. (3.0.3)
+- Readmission of forensic file types such as the Body file (3.0.4)
+- Optional integration of SQLite (3.0.5)
+- Optional user stipulated fields and reordering of the CSV with optional header (3.0.6)
+
+
+
 ## Version 3.0 (2024-08-15)
 
 Work has completed on the class-based layout. The program has been split into individual files each composed of the class within. 
 I believe this is the way to go (personal preference) as I like to work on one module at a time!
 
 
-### To do list:
-
-1. Implement a testing framework involving the sister project [GenerateMFT](https://github.com/rowingdude/GenerateMFT/).
-2. Implement multithreading as an option
-3. Complete a more succinct and visually appealing menu system (✅ 16-Aug-24 )
-
-<! ----------------- We are going to version up to 3.0 given the complete rewrite ------------------->
 
 ## Version 2.1.1 (2024-08-02)
 

USAGE.md

@@ -63,6 +63,21 @@ To analyze an MFT file and output the results to a CSV file:
 2. Bodyfile: A format suitable for timeline analysis tools.
 3. CSV Timeline: A chronological representation of file system events.
 
+## Status Bar
+
+I added a tqdm status bar to the program and then error wrapping around it, so when a corrupted file or entry is discovered, the output becomes:
+
+  No attributes found. Last checked offset: 56
+  No attributes found in record 196610. Raw data:
+      46494c45300003002431be4a00000000090000003800000040000000000400008d76020000000300010000001b7502000300000000000000ffffffff8279471100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+  Parsing MFT:  51%|█████████████████████████████████████████████████████████████▌                                                          | 165M/322M [00:36<00:36, 4.32MB/s]
+
+
+If you interrupt it (Ctrl+C), it will now save progress and exit:
+
+  Parsing MFT:   1%|█▎                                                                                                                             | 3.30M/322M [00:00<01:32, 3.43MB/s] 
+  Parsing was cancelled. Saving progress...
+
 ## Notes
 
 - Ensure you have the necessary permissions to read the MFT file.

analyzeMFT.py

@@ -1,48 +1,10 @@
-try:
-
-    from analyze_mft.common_imports   import *
-    from analyze_mft.mft_parser       import MFTParser
-    from analyze_mft.file_handler     import FileHandler
-    from analyze_mft.csv_writer       import CSVWriter
-    from analyze_mft.options_parser   import OptionsParser
-    from analyze_mft.attribute_parser import AttributeParser
-    from analyze_mft.thread_manager   import ThreadManager
-    from analyze_mft.logger           import Logger
-
-except ImportError as e:
-    print(f"Error: Failed to import required modules. {e}")
-    sys.exit(1)
-
-def main():
-
-    options_parser = OptionsParser()
-    options = options_parser.parse_options()
-
-    logger = Logger(options)
-    logger.verbose(f"Starting analyzeMFT-v{VERSION}")
-
-    file_handler = FileHandler(options)
-    file_handler.open_files()
-    
-    logger.verbose("Opened input and output files successfully.")
-
-    csv_writer = CSVWriter(options, file_handler)
-
-    with ThreadManager(options.thread_count) as thread_manager:
-
-        logger.verbose("Initializaing the MFT parsing object...")
-        mft_parser = MFTParser(options, file_handler, csv_writer)
-        
-        logger.verbose("Running the MFT parser...")
-        mft_parser.parse_mft_file()
-        
-        logger.verbose("Generating file paths...")
-        mft_parser.generate_filepaths()
-        
-        logger.verbose("Writing records...")
-        mft_parser.print_records()
-
-    logger.verbose("analyzeMFT completed successfully.")
+import asyncio
+import sys
+from src.analyzeMFT.cli import main
 
 if __name__ == "__main__":
-    main()
+    if sys.platform == "win32":
+        # This sets the event loop policy to use the ProactorEventLoop on Windows
+        asyncio.set_event_loop_policy(asyncio.WindowsProactorEventLoopPolicy())
+    
+    asyncio.run(main())