dfirlabs/ntfs-specimens external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

dfirlabs/ntfs-specimens

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/dfirlabs/ntfs-specimens)

Close

dfirlabs / ntfs-specimensView on GitHubMore

• External links
• Readme badge

NTFS file system specimens

☆13Jul 3, 2023Updated 2 years ago

Alternatives and similar repositories for ntfs-specimens

Users that are interested in ntfs-specimens are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• forensicmatt / RustyUsn

  View on GitHub
  USN to JSON
  ☆22Apr 4, 2020Updated 5 years ago
• msuhanov / regf-samples

  View on GitHub
  Windows registry samples
  ☆24Nov 18, 2018Updated 7 years ago
• Velocidex / evtx-data

  View on GitHub
  Publicly shareable windows event log message data
  ☆28Nov 29, 2019Updated 6 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• py4n6 / pyflag

  View on GitHub
  Python Forensic and Log Analysis GUI
  ☆27Dec 22, 2014Updated 11 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• ydkhatri / spotlight_queries

  View on GitHub
  Queries for parsed spotlight database in sqlite
  ☆13Dec 29, 2020Updated 5 years ago
• forensicmatt / RustyReg

  View on GitHub
  Registry to JSON. This Project is for learning purposes and is not maintained.
  ☆12Dec 28, 2021Updated 4 years ago
• ydkhatri / macOS_FE

  View on GitHub
  Tools for macOS Forensic Bootable media
  ☆16May 20, 2020Updated 5 years ago
• omerbenamram / winstructs

  View on GitHub
  Parsers for common structures across windows formats.
  ☆12Aug 23, 2023Updated 2 years ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated last year
• EricZimmerman / ExtensionBlocks

  View on GitHub
  Extension blocks as found in ShellBags and other places in the Registry
  ☆25Jan 7, 2025Updated last year
• i0n / axum-http-auth-example

  View on GitHub
  ☆10Nov 26, 2022Updated 3 years ago
• williballenthin / wevt_template

  View on GitHub
  extract and parse WEVT_TEMPLATEs from PE files
  ☆18Dec 30, 2023Updated 2 years ago
• msuhanov / yarp

  View on GitHub
  Yet another registry parser
  ☆137Apr 15, 2022Updated 3 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆79Jan 9, 2024Updated 2 years ago
• simon-weber / Instant-SQLite-Audit-Trail

  View on GitHub
  Set up a quick and dirty audit log on an SQLite db.
  ☆16May 16, 2013Updated 12 years ago
• open-source-dfir / slack

  View on GitHub
  Information about the open-source-dfir slack community
  ☆30Jun 17, 2023Updated 2 years ago
• ydkhatri / pyliblzfse

  View on GitHub
  Python bindings for LZFSE
  ☆18Jul 9, 2020Updated 5 years ago
• facg3 / Stateless-vs-stateful-authentication

  View on GitHub
  ☆13Dec 18, 2017Updated 8 years ago
• Antonlovesdnb / SANSTHS2021

  View on GitHub
  Hunting Malicious Macros SANS Threathunting Summit 2021 Materials
  ☆39Oct 9, 2021Updated 4 years ago
• ollybritton / proxyfinder

  View on GitHub
  proxyfinder is a simple Go package for finding proxies.
  ☆23Nov 9, 2019Updated 6 years ago
• tsale / Threat-Intelligence-Playbooks

  View on GitHub
  High-level Threat Intelligence playbooks
  ☆20Mar 6, 2021Updated 5 years ago
• jschicht / SetMace

  View on GitHub
  Manipulate timestamps on NTFS
  ☆53Nov 10, 2014Updated 11 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• dsnezhkov / h53

  View on GitHub
  A utility to force query DNS over DoH off of CloudFlare API when DNS block is in place
  ☆10Aug 26, 2018Updated 7 years ago
• Velocidex / go-ese

  View on GitHub
  Go implementation of an Extensible Storage Engine parser
  ☆32Updated this week
• magisterquis / vnclowpot

  View on GitHub
  Low-interaction VNC honeypot with a static challenge.
  ☆23Aug 10, 2019Updated 6 years ago
• GitHubSecurityLab / codeql-jupyter-kernel

  View on GitHub
  Jupyter Kernel for CodeQL
  ☆15Feb 26, 2025Updated last year
• AbdulRhmanAlfaifi / lnk_parser

  View on GitHub
  lnk_parser is a full rust implementation to parse windows LNK files
  ☆23Feb 17, 2026Updated last month
• kacos2000 / Evtx_Log_Browser

  View on GitHub
  Evtx Log (xml) Browser
  ☆57Mar 12, 2023Updated 3 years ago
• mandiant / ARDvark

  View on GitHub
  ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
  ☆36Jun 1, 2023Updated 2 years ago
• stripe / stripe-mirakl-connector

  View on GitHub
  Official Stripe Mirakl Connector
  ☆12Feb 26, 2026Updated last month
• mobdk / CoreClass

  View on GitHub
  Mimikatz embedded as classes
  ☆28Oct 25, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• jlubawy / go-azure-ad

  View on GitHub
  Example Golang code to access Azure Active Directory (AD) using OAuth2
  ☆21Nov 29, 2017Updated 8 years ago
• sleuthkit / libewf_64bit

  View on GitHub
  Copy of the libewf source code that is configured for a 64-bit MS Visual Studio build.
  ☆17Aug 17, 2020Updated 5 years ago
• Velocidex / registry_hunter

  View on GitHub
  Hunt the windows Registry automatically using VQL
  ☆14Jan 6, 2026Updated 2 months ago
• alwashmi / MasterParser

  View on GitHub
  MasterParser is a simple, all-in-one, digital forensics artifact parser
  ☆24Jul 9, 2021Updated 4 years ago
• gagliardetto / lgtm-cli

  View on GitHub
  *Unofficial* lgtm.com CLI — Use at your own risk. Also don't add more than 3K projects to "My projects" list.
  ☆13Feb 21, 2022Updated 4 years ago
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Aug 6, 2022Updated 3 years ago
• elastic / sans-dfir-2022

  View on GitHub
  Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"
  ☆11Feb 6, 2025Updated last year