Async Python library to parse local and remote disk images.
The project is still in developement, expect issues
This is a library with a simple API to read (only read) and recover files from disk images (vhdx) or raw disks/partitions obtained by dd or similar command. Opening a file on the disk image provides an async fileobject so you can perform file operations like read seek tell without extracting the entire file.
It comes with an example console client to demonstrate the core features.
| File | Gzip | SMB | SSH(SFTP) | |
|---|---|---|---|---|
| ✔️ | ✔️ | ✔️ | ❌ |
| Raw | VHD | VHDX | VMDK | |
|---|---|---|---|---|
| ✔️ | ❌ | ✔️ | ❌ |
| MBR | GPT |
|---|---|
| ✔️ | ✔️ |
| FAT12 | FAT16 | FAT32 | VFAT | NTFS | EXT4 | EXFAT |
|---|---|---|---|---|---|---|
| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
git clone and pip install . should do the trick.
After install use the adiskreader-console executable for the sample client
Interactive sample client that tries to automatically "mount" the disk image specified by the source URL like:
adiskreader-console smb+ntlm-password://TEST\victim@10.10.10.2/sharename/foldername/disk.vhdx
adiskreader-console file://C:\Users\test\images\test.vhdx
adiskreader-console file+gz:///home/user/images/test.gz.raw
At the moment there is no documentation, so you'll have to rely on the code itself :(
tests require installing guestmount
The FAT filesystem operations are provided by a modifyed verson of PyFATFs. Original project is licensed under MIT, can be found here