irt/gists
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Added sleuthkit folder extraction

Browse Source
This commit is contained in:
TKE
2021-06-02 11:13:29 +02:00
parent 41504d444e
commit f14d8c0f14
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
extractfolder.py Normal file
View File

@@ -0,0 +1,23 @@
import subprocess
import sys
image=sys.argv[1]
inode=sys.argv[2]
output = subprocess.check_output(f"fls -F {image} {inode}", shell=True)
output=output.decode()
result = {}
for row in output.split('\n'):
if ':' in row:
key, value = row.split(':')
idx = key.split(" ")[-1]
fsid = idx.split("-")[0]
result[fsid] = value.strip()
for fsid in result:
print(f"Writing Inode {fsid} -> {result[fsid]} ")
outfile=open(result[fsid],'w')
subprocess.run(["icat", image, fsid],stdout=outfile)