DEVHIDE
Login Or Sign up

Reading prefetch file content

75 Views Asked by At

I'm using python prefetch view to read the prefetch files' content. But the tool show something like volume guid or anything instead of volume letter enter image description here

Is there any correct way to convert "\VOLUME{01d820ac778f54ef-ba78425f}" to drive letter? Do it correctly and logically instead of trying to randomly replace characters like "C:" or "D:"

python prefetch
Original Q&A
1

There are 1 best solutions below

0
On

Lol, I have found the solution to solve my problem

It is using this code to get details of the volumes (driver serial and driver letter)

import wmi

c = wmi.WMI()
Drivers_Information = []
def to_hex(val, nbits):
  return hex((val + (1 << nbits)) % (1 << nbits)).lstrip('0x')

for i in c.Win32_Volume():
    Drivers_Information.append(("Driver_serial\\"+str(to_hex(i.SerialNumber,32)).replace("0x","")+"\\",i.Caption))

And compare with the volume serial number in the "volume information" then I know exactly which driver letter represented by the \VOLUME{01d820ac778f54ef-ba78425f}

If you have another better solution, pls let me know.

Related Questions in PYTHON

Related Questions in PREFETCH

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.