@@ -33,39 +33,35 @@ Rather than clutter up the main project with features people may not want, I wil
3333Basic usage:
3434
3535```
36- Usage: analyzeMFT.py [options] filename
36+ Usage: analyzeMFT.py -f <mft_file> -o <output_file> [options]
3737
3838Options:
39+ --version show program's version number and exit
3940 -h, --help show this help message and exit
40- -f FILE, --file=FILE Read MFT from FILE
41- -a, --anomaly Turn on anomaly detection
42- -l, --localtz Report times using local timezone
43- -d, --debug Turn on debugging output
44- -v, --version Report version and exit
45- -V, --verbose Provide additional output as the program runs (Dangerous, can produce a lot of information)
46-
47- Output Options:
48- -o FILE, --output=FILE
49- Write results to CSV FILE
50- -b FILE, --bodyfile=FILE
51- Write MAC information to bodyfile
52- -c FILE, --csvtimefile=FILE
53- Write CSV format timeline file
54-
55- Body File Options:
56- --bodystd Use STD_INFO timestamps for body file rather than FN
57- timestamps
58- --bodyfull Use full path name + filename rather than just
59- filename
60-
61- Performance Options:
62- --threads=THREAD_COUNT
63- Number of threads to use for parsing (default: 1)
41+ -f FILE, --file=FILE MFT file to analyze
42+ -o FILE, --output=FILE
43+ Output file
44+ -H, --hash Compute hashes (MD5, SHA256, SHA512, CRC32)
45+
46+ Export Options:
47+ --csv Export as CSV (default)
48+ --json Export as JSON
49+ --xml Export as XML
50+ --excel Export as Excel
51+ --body Export as body file (for mactime)
52+ --timeline Export as TSK timeline
53+ --l2t Export as log2timeline CSV
54+
55+ Verbosity Options:
56+ -v Increase output verbosity (can be used multiple times)
57+ -d Increase debug output (can be used multiple times)
58+
59+ Error: No input file specified. Use -f or --file to specify an MFT file.
6460```
6561
6662## Versioning
6763
68- Current version: 3.0
64+ Current version: 3.0.6
6965
7066## Author
7167
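Review bot: The last line inside the usage fence (new line 59, "Error: No input file specified. Use -f or --file to specify an MFT file.") is the error printed when the tool is run without arguments, not part of the help text, so it should be dropped from the README block. In the options list, -v changes from "Report version and exit" to "Increase output verbosity", and -a, -l, --bodystd, --bodyfull and --threads are removed with no replacement shown, so scripts written against the old flags may break; a short migration note listing the removed and repurposed flags would help. Because the old text let the user choose between STD_INFO and FN timestamps for the body file, the new "--body" line should state which timestamps it writes. The "-H, --hash" line should also say what is being hashed.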