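A CLI wrapper script for mounting EWF files.
Detailed description of the py-ewf-mount Python project
pyEWFmount
A Python CLI wrapper script for mounting EWF files
Installation
Install requirement ewfmount
Install libewf with pacman: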
sudo pacman -S libewf
or ewf-tools with apt:
Install requirement dislocker:
Install dislocker from GitHub:
git clone https://github.com/Aorimn/dislocker
cd dislocker
cmake .
make dislocker-fuse;
sudo make install
Install pyEWFmount
pip3 install py_ewf_mount
Usage
Type pyEWFmount --help
or pyMountEWF --help
to see the help.
pyEWFmount by Florian Wahl, 03.08.2020
usage: pyMountEWF [-h] [-i INPUT] [-o OUTPUT]
optional arguments:
-h, --help show this help message and exit
-i INPUT, --input INPUT
path to a EWF file which should be mounted
-o OUTPUT, --output OUTPUT
Specify the name of the mounted directory (default: /mnt/YYYY.MM.DD_hh.mm)
Example
$ sudo pyMountEWF -i forensic_image.E01
pyEWFmount by Florian Wahl, 02.08.2020
[+] ewf file mounted to "/mnt/2020.08.03_18.49/.ewf"
[+] Select Partition to mount:
Disk /dev/loop6: 1011 MiB, 1060110336 bytes, 2070528 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x24677b2d
Device Boot Start End Sectors Size Id Type
/dev/loop6p1 2048 2070527 2068480 1010M 7 HPFS/NTFS/exFAT
select number of partition (0 for complete disk) [1] >
[+] selected partition "/dev/loop6p1"
Bitlocker Recovery Key (if encrypted otherwise empty) > 493625-443036-224400-065417-708741-624547-702218-359777
Mount in readonly mode (y/n) [y]: y
Mount as NTFS filesystem (y/n) [y]: y
[+] Partition 1 was mounted under "/mnt/2020.08.03_18.49/partition_1_decrypted"
Press ENTER to mount another partition
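The partition selection in the session above can be reproduced by hand for an unencrypted partition. The following is an added example, not code from pyEWFmount: it parses the fdisk listing (copied from the session as constructed sample input) and builds a read-only loop mount command by byte offset. The function names, the raw image path ending in ewf1 and the "ntfs" filesystem type are assumptions; a BitLocker volume has to go through dislocker before it can be mounted.

```python
import re
import shlex

# Constructed sample input: the fdisk listing from the example session above.
FDISK_LISTING = """\
Disk /dev/loop6: 1011 MiB, 1060110336 bytes, 2070528 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
Disklabel type: dos
Device Boot Start End Sectors Size Id Type
/dev/loop6p1 2048 2070527 2068480 1010M 7 HPFS/NTFS/exFAT
"""

def parse_fdisk(listing):
    """Return (sector_size, {partition_number: (start_sector, sector_count)})."""
    units = re.search(r"^Units: sectors of \d+ \* (\d+) = \d+ bytes", listing, re.M)
    if not units:
        raise ValueError("no 'Units:' line, cannot determine the sector size")
    sector_size = int(units.group(1))
    # Device name ending in the partition number, optional boot flag '*',
    # then the Start, End and Sectors columns.
    row = re.compile(r"^/dev/\S*?(\d+)\s+(?:\*\s+)?(\d+)\s+(\d+)\s+(\d+)\s", re.M)
    parts = {}
    for number, start, end, sectors in row.findall(listing):
        start, end, sectors = int(start), int(end), int(sectors)
        if end - start + 1 != sectors:
            raise ValueError(f"partition {number}: inconsistent geometry")
        parts[int(number)] = (start, sectors)
    return sector_size, parts

def readonly_mount_cmd(raw_image, listing, number, mountpoint, fstype="ntfs"):
    """Build a mount(8) argument list that cannot write to the evidence."""
    sector_size, parts = parse_fdisk(listing)
    if number not in parts:
        raise KeyError(f"partition {number} is not in the listing")
    start, sectors = parts[number]
    # offset/sizelimit confine the loop device to exactly this partition.
    opts = (f"ro,noexec,loop,offset={start * sector_size},"
            f"sizelimit={sectors * sector_size}")
    return ["mount", "-t", fstype, "-o", opts, raw_image, mountpoint]

if __name__ == "__main__":
    # Hypothetical paths: ewfmount exposes the raw image as "ewf1".
    cmd = readonly_mount_cmd("/mnt/case/.ewf/ewf1", FDISK_LISTING, 1, "/mnt/case/p1")
    print(shlex.join(cmd))
```

The script only prints the command; running it requires root and an existing mount point.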