analyzeMFT

python2

Open patatetom opened this issue 7 years ago • 13 comments

hi,

python2 and python3 may be installed together...

diff --git a/analyzeMFT.py b/analyzeMFT.py
index dceaae7..0d21be5 100755
--- a/analyzeMFT.py
+++ b/analyzeMFT.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
 
 try:
     from analyzemft import mftsession
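
Review bot: the new shebang on line 1 hard-codes `/usr/bin/python2`, which breaks wherever Python 2 is installed under a different prefix or inside a virtualenv; `#!/usr/bin/env python2` resolves the interpreter through PATH instead. The shebang is also only honoured when the script is executed directly, so an explicit `python3 analyzeMFT.py` still reaches the `from analyzemft import mftsession` import under the `try:`; an interpreter version check ahead of that import, with a clear error message, would cover that path too.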

# pip2 install analyzeMFT
Collecting analyzeMFT
  Using cached analyzeMFT-2.0.19.tar.gz
Installing collected packages: analyzeMFT
  Running setup.py install for analyzeMFT ... done
Successfully installed analyzeMFT-2.0.19

# pip3 install analyzeMFT
Collecting analyzeMFT
  Using cached analyzeMFT-2.0.19.tar.gz
Installing collected packages: analyzeMFT
  Running setup.py install for analyzeMFT ... done
Successfully installed analyzeMFT-2.0.19

# pip2 check
No broken requirements found.

# pip3 check
No broken requirements found.

# python2 /usr/bin/analyzeMFT.py 
-f <filename> required.

# python3 /usr/bin/analyzeMFT.py 
Traceback (most recent call last):
  File "/usr/bin/analyzeMFT.py", line 6, in <module>
    from .analyzemft import mftsession
ModuleNotFoundError: No module named '__main__.analyzemft'; '__main__' is not a package

patatetom, Jul 07 '17 13:07

analyzeMFT is written in python2 and does not support python3. there are a number of python3 incompatibilities (relative imports, print statements, etc.) that would need to be fixed even before regression testing happens. while it appears to install ok via pip3, you should not attempt to use it.

williballenthin, Jul 08 '17 23:07

I have forked the project and converted it to python3. This should work for your use case.

eddsalkield, Jul 19 '19 11:07

Thank you both. It would probably make sense to make that fork the "official" version.

kovar-ursa, Jul 19 '19 11:07

You can find it packaged on PyPI, as analyzeMFT3.

eddsalkield, Jul 22 '19 08:07

@dkovar what is the status of this? are you planning to merge the python3 changes back into this git repo? or has the "official" repo for analyzeMFT changed?

joachimmetz, Feb 01 '20 10:02

@eddsalkield since analyzeMFT3 has no separate issue tracker

python3 -V
Python 3.7.6

PYTHONPATH=analyzeMFT3 python3 analyzeMFT3/analyzeMFT.py -f MFT.bin -b bodyfile --bodyfull -d
...
Traceback (most recent call last):
  File "analyzeMFT3/analyzeMFT.py", line 12, in <module>
    session.process_mft_file()
  File "analyzeMFT3/analyzemft/mftsession.py", line 189, in process_mft_file
    self.build_filepaths()
  File "analyzeMFT3/analyzemft/mftsession.py", line 281, in build_filepaths
    record = mft.parse_record(raw_record, self.options)
  File "analyzeMFT3/analyzemft/mft.py", line 70, in parse_record
    atr_record = decode_atr_header(raw_record[read_ptr:])
  File "analyzeMFT3/analyzemft/mft.py", line 598, in decode_atr_header
    d = {'type': struct.unpack("<L", s[:4])[0]}
TypeError: a bytes-like object is required, not 'str'

joachimmetz, Feb 01 '20 11:02
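
The `TypeError` in the traceback above comes from `struct.unpack` being handed a `str` under Python 3, where text and raw bytes are separate types. As an added example (Python 3, not code from analyzeMFT or analyzeMFT3), the following decodes the common 16-byte NTFS attribute header from bytes only, rejects `str` input with an explicit message, and bounds-checks the length field while walking a record; the function names and the sample record are constructed for illustration.

```python
import struct

# Common NTFS attribute header (16 bytes, little-endian): type, length,
# non-resident flag, name length, name offset, flags, attribute id.
ATTR_HEADER = struct.Struct("<LLBBHHH")
END_OF_ATTRIBUTES = 0xFFFFFFFF
FIELDS = ("type", "length", "non_resident", "name_len", "name_off", "flags", "attr_id")


def decode_attr_header(buf):
    """Decode one attribute header from a bytes-like buffer (hypothetical helper)."""
    if isinstance(buf, str):
        # Python 3 str is text; struct only accepts raw bytes.
        raise TypeError("MFT data must be bytes (open the file with mode 'rb')")
    if len(buf) < 4:
        raise ValueError("truncated attribute header")
    (attr_type,) = struct.unpack_from("<L", buf, 0)
    if attr_type == END_OF_ATTRIBUTES:
        return {"type": attr_type}
    if len(buf) < ATTR_HEADER.size:
        raise ValueError("truncated attribute header")
    hdr = dict(zip(FIELDS, ATTR_HEADER.unpack_from(buf, 0)))
    # A length below the header size would stall the walk; one beyond the
    # remaining buffer points past the record.
    if not ATTR_HEADER.size <= hdr["length"] <= len(buf):
        raise ValueError("implausible attribute length %d" % hdr["length"])
    return hdr


def walk_attributes(tail):
    """Return the attribute headers found before the end marker."""
    offset, found = 0, []
    while True:
        hdr = decode_attr_header(tail[offset:])
        if hdr["type"] == END_OF_ATTRIBUTES:
            return found
        found.append(hdr)
        offset += hdr["length"]


# Constructed sample: two minimal attributes followed by the end marker.
SAMPLE = (
    ATTR_HEADER.pack(0x10, 24, 0, 0, 0, 0, 0) + b"\x00" * 8
    + ATTR_HEADER.pack(0x30, 16, 0, 0, 0, 0, 1)
    + struct.pack("<L", END_OF_ATTRIBUTES)
)

if __name__ == "__main__":
    for h in walk_attributes(SAMPLE):
        print(hex(h["type"]), h["length"], h["attr_id"])
```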

I have not touched this project in many years and, alas, have no plans for it. I'm happy to turn it over to someone else if there is interest.

dkovar, Feb 02 '20 13:02

@eddsalkield are you planning to continue the python 3 version of this project?

@dkovar it is unfortunate that this project has been abandoned, can you add some note to the README that this project is no longer actively maintained?

joachimmetz, Feb 02 '20 19:02

Unfortunately I do not intend to continue the python3 version of the project, as I no longer use this utility.

eddsalkield, Mar 21 '20 14:03

Ack, as requested before, mention something about the unmaintained status in the readme file.

joachimmetz, Mar 22 '20 08:03

From the README.

=========== STATUS

This project was my passion and my vehicle for exploring digital forensics for many years as well as a means for giving back to a community that gave me so much.

Unfortunately, I am not doing forensics on Windows filesystems and am not contributing to this project anymore. If someone else wishes to adopt it, please let me know.

-David (02/02/2020)

Analyze MFT

kovar-ursa, Mar 22 '20 10:03

@kovar-ursa, ack thx, for updating it, I was mainly referring to @eddsalkield his update, the analyzeMFT3 README does not indicate the project is not maintained either https://github.com/eddsalkield/analyzeMFT3/blob/master/README.txt

joachimmetz, Mar 22 '20 11:03

Thanks for the mention. I have modified the README to make it clear that my fork is unmaintained.

eddsalkield, Aug 30 '20 16:08