Anyone have any idea what is causing this error with mftparser?
I have tried this in volatility versions 2.3 and 2.4. Might be a config issue with my system but not sure what it might be, so I thought I would ask the group.
Volatility Foundation Volatility Framework 2.4
Scanning for MFT entries and building directory, this can take a while
Traceback (most recent call last):
File "vol.py", line 192, in <module>
main()
File "vol.py", line 183, in main
command.execute()
File "/Users/dnardoni/volatility/volatility_24/volatility/commands.py", line 127, in execute
func(outfd, data)
File "/Users/dnardoni/volatility/volatility_24/volatility/plugins/mftparser.py", line 728, in render_body
for offset, mft_entry, attributes in data:
File "/Users/dnardoni/volatility/volatility_24/volatility/plugins/mftparser.py", line 706, in calculate
mft_entry.add_path(temp.FileName)
File "/Users/dnardoni/volatility/volatility_24/volatility/obj.py", line 747, in __getattr__
return self.m(attr)
File "/Users/dnardoni/volatility/volatility_24/volatility/obj.py", line 721, in m
return element(self)
File "/Users/dnardoni/volatility/volatility_24/volatility/plugins/mftparser.py", line 497, in <lambda>
'FileName': lambda x : obj.Object("FILE_NAME", offset = x.obj_offset + x.ContentOffset, vm = x.obj_vm),
File "/Users/dnardoni/volatility/volatility_24/volatility/obj.py", line 377, in method
proxied = self.proxied(name)
File "/Users/dnardoni/volatility/volatility_24/volatility/obj.py", line 433, in proxied
return self.v()
File "/Users/dnardoni/volatility/volatility_24/volatility/obj.py", line 443, in v
(val,) = struct.unpack(self.format_string, data)
struct.error: unpack requires a string argument of length 2
Dave
_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users