From b3aff0c126fc650180e63a3c5ee041f739cf65e9 Mon Sep 17 00:00:00 2001
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:28:01 -0400
Subject: [PATCH 1/6] Update menu preview in Readme.md
---
 README.md | 48 ++++++++++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 26 deletions(-)
diff --git a/README.md b/README.md
index d28e91b..33396ad 100644
--- a/README.md
+++ b/README.md
@@ -33,39 +33,35 @@ Rather than clutter up the main project with features people may not want, I wil Basic usage: ``` -Usage: analyzeMFT.py [options] filename +Usage: analyzeMFT.py -f -o [options] Options: + --version show program's version number and exit -h, --help show this help message and exit - -f FILE, --file=FILE Read MFT from FILE - -a, --anomaly Turn on anomaly detection - -l, --localtz Report times using local timezone - -d, --debug Turn on debugging output - -v, --version Report version and exit - -V, --verbose Provide additional output as the program runs (Dangerous, can produce a lot of information) - - Output Options: - -o FILE, --output=FILE - Write results to CSV FILE - -b FILE, --bodyfile=FILE - Write MAC information to bodyfile - -c FILE, --csvtimefile=FILE - Write CSV format timeline file - - Body File Options: - --bodystd Use STD_INFO timestamps for body file rather than FN - timestamps - --bodyfull Use full path name + filename rather than just - filename - - Performance Options: - --threads=THREAD_COUNT - Number of threads to use for parsing (default: 1) + -f FILE, --file=FILE MFT file to analyze + -o FILE, --output=FILE + Output file + -H, --hash Compute hashes (MD5, SHA256, SHA512, CRC32) + + Export Options: + --csv Export as CSV (default) + --json Export as JSON + --xml Export as XML + --excel Export as Excel + --body Export as body file (for mactime) + --timeline Export as TSK timeline + --l2t Export as log2timeline CSV + + Verbosity Options: + -v Increase output verbosity (can be used multiple times) + -d Increase debug output (can be used multiple times) + +Error: No input file specified. Use -f or --file to specify an MFT file. ``` ## Versioning -Current version: 3.0 +Current version: 3.0.6 ## Author From bd4ee8e7856408692afd106a84d2fef3293d5db1 Mon Sep 17 00:00:00 2001 
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:31:29 -0400
Subject: [PATCH 2/6] Update version to 3.0.6
---
 src/analyzeMFT/constants.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzeMFT/constants.py b/src/analyzeMFT/constants.py
index 1b1e0eb..8a34744 100644
--- a/src/analyzeMFT/constants.py
+++ b/src/analyzeMFT/constants.py
@@ -1,4 +1,4 @@
-VERSION = '3.0.5'
+VERSION = '3.0.6'
 
 # File Record Flags
 FILE_RECORD_IN_USE = 0x0001
From 9cfd6e78c318f03df77313216c8376380526028f Mon Sep 17 00:00:00 2001
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:34:15 -0400
Subject: [PATCH 3/6] Bug hunting asyncio distributable files
---
 src/analyzeMFT/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/analyzeMFT/__init__.py b/src/analyzeMFT/__init__.py
index 3fb9cbe..b913217 100644
--- a/src/analyzeMFT/__init__.py
+++ b/src/analyzeMFT/__init__.py
@@ -3,7 +3,10 @@
 from .mft_analyzer import MftAnalyzer
 from .file_writers import FileWriters
 from .constants import VERSION, CSV_HEADER
-from .cli import main
+from .cli import main as cli_main
+
+def main():
+ asyncio.run(cli_main())
 
 __all__ = [
 'WindowsTime',
From 1f18e866d40a6557a71f8865bad81bb481e1e811 Mon Sep 17 00:00:00 2001
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:35:03 -0400
Subject: [PATCH 4/6] Update version to 3.0.6.1
---
 src/analyzeMFT/constants.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyzeMFT/constants.py b/src/analyzeMFT/constants.py
index 8a34744..7930df9 100644
--- a/src/analyzeMFT/constants.py
+++ b/src/analyzeMFT/constants.py
@@ -1,4 +1,4 @@
-VERSION = '3.0.6'
+VERSION = '3.0.6.1'
 
 # File Record Flags
 FILE_RECORD_IN_USE = 0x0001
From 3eb7e202284ff15e32463d94cdd98c1716e57c67 Mon Sep 17 00:00:00 2001
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:42:33 -0400
Subject: [PATCH 5/6] Edit entrypoint in setup.py
---
 setup.py | 4 ++--
 src/analyzeMFT/constants.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
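Review bot: The new `main()` in the PATCH 3/6 hunk of `src/analyzeMFT/__init__.py` calls `asyncio.run(cli_main())` but nothing in the hunk, and no other visible line of that module, imports `asyncio`, so the console entry point raises NameError the first time it is invoked at this revision; PATCH 6/6 adds `import asyncio` later, but the import belongs in this commit so every revision in the series is runnable. The wrapper also only works if `cli.main` is a coroutine function (inferred from the `asyncio.run` call, not visible here), which is worth stating in a docstring: `"""Synchronous console-script entry point: runs the async cli.main under asyncio.run()."""`. The `__all__` list that follows continues past the end of the hunk, so whether `'main'` is exported there cannot be checked from this view.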
diff --git a/setup.py b/setup.py
index 0504c07..50a0389 100644
--- a/setup.py
+++ b/setup.py
@@ -33,8 +33,8 @@
 "pywin32;platform_system=='Windows'",
 ],
 entry_points={
- "console_scripts": [
- "analyzeMFT=analyzeMFT.cli:main",
+ 'console_scripts': [
+ 'analyzemft=analyzeMFT:main',
 ],
 },
 )
\ No newline at end of file
diff --git a/src/analyzeMFT/constants.py b/src/analyzeMFT/constants.py
index 7930df9..6948e02 100644
--- a/src/analyzeMFT/constants.py
+++ b/src/analyzeMFT/constants.py
@@ -1,4 +1,4 @@
-VERSION = '3.0.6.1'
+VERSION = '3.0.6.2'
 
 # File Record Flags
 FILE_RECORD_IN_USE = 0x0001
From 606286b39db47b842af7019ed1a125ede3293894 Mon Sep 17 00:00:00 2001
From: Benjamin Cance
Date: Thu, 5 Sep 2024 08:52:36 -0400
Subject: [PATCH 6/6] Update version with asyncio troubleshooting
---
 src/analyzeMFT/__init__.py | 1 +
 src/analyzeMFT/constants.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/analyzeMFT/__init__.py b/src/analyzeMFT/__init__.py
index b913217..22b41bf 100644
--- a/src/analyzeMFT/__init__.py
+++ b/src/analyzeMFT/__init__.py
@@ -1,3 +1,4 @@
+import asyncio
 from .windows_time import WindowsTime
 from .mft_record import MftRecord
 from .mft_analyzer import MftAnalyzer
diff --git a/src/analyzeMFT/constants.py b/src/analyzeMFT/constants.py
index 6948e02..dddbefa 100644
--- a/src/analyzeMFT/constants.py
+++ b/src/analyzeMFT/constants.py
@@ -1,4 +1,4 @@
-VERSION = '3.0.6.2'
+VERSION = '3.0.6.3'
 
 # File Record Flags
 FILE_RECORD_IN_USE = 0x0001
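Review bot: The `setup.py` hunk in PATCH 5/6 renames the installed console script from `analyzeMFT` to `analyzemft` while retargeting it at `analyzeMFT:main`, and the commit title ("Edit entrypoint in setup.py") does not call out the rename, so existing shell wrappers and the README usage text updated in PATCH 1/6 (which still shows `analyzeMFT.py`) no longer match the installed command. Either keep the old name as a compatibility alias, `'analyzeMFT=analyzeMFT:main',` next to `'analyzemft=analyzeMFT:main',`, or state the rename in the commit message and README. The swap from double to single quotes on the two changed lines is unrelated churn that makes the functional change harder to spot in the diff, and the `\ No newline at end of file` marker shows the file still lacks a trailing newline.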