jschicht / NtfsFileExtractor

Related projects ⓘ

Alternatives and complementary repositories for NtfsFileExtractor

• jschicht / PowerMft
  Powerful commandline $MFT record editor.
  ☆23Updated 9 years ago
• jschicht / Secure2Csv
  Decode security descriptors in $Secure on NTFS
  ☆20Updated 2 years ago
• EricZimmerman / RegistryExplorerBookmarks
  Registry Explorer bookmark definitions
  ☆41Updated last year
• jschicht / MftRcrd
  Command line $MFT record decoder
  ☆11Updated 7 years ago
• jschicht / MftCarver
  Carve $MFT records from a chunk of data (for instance a memory dump)
  ☆16Updated 8 years ago
• ArsenalRecon / SdbaParser
  Parser for Sdba memory pool tags
  ☆17Updated 3 years ago
• kacos2000 / Win10LiveInfo
  Windows 10 Live Information viewer
  ☆33Updated 2 years ago
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆41Updated 6 years ago
• 4n6ist / bulk_extractor-rec
  It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving
  ☆37Updated 4 years ago
• jschicht / ExtractUsnJrnl
  Tool to extract the $UsnJrnl from an NTFS volume
  ☆105Updated 5 years ago
• tedsmith / NSRL-Stripper
  A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database
  ☆14Updated 3 years ago
• woanware / autorunner
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆54Updated 5 years ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆29Updated 2 months ago
• msuhanov / regf-samples
  Windows registry samples
  ☆23Updated 6 years ago
• davidhowell-tx / Invoke-LiveResponse
  PowerShell based Live Response tool
  ☆12Updated 8 years ago
• NextronSystems / thor_attck
  THOR MITRE ATT&CK Framework Coverage
  ☆24Updated 4 years ago
• w8mej / IRKnowledge
  A curated list of tools for incident response
  ☆27Updated 8 months ago
• Velocidex / SQLiteHunter
  Hunt for SQLite files used by various applications
  ☆10Updated this week
• davehull / VirusTotalShell
  A fork of David B Heise's VirusTotal Powershell Module
  ☆17Updated 2 years ago
• libyal / libagdb
  Library and tools to access the Windows SuperFetch database format
  ☆12Updated 5 months ago
• chadgough / x-tensions
  X-Ways C# X-Tension API
  ☆15Updated 11 years ago
• log2timeline / dfwinreg
  Digital Forensics Windows Registry (dfWinReg)
  ☆49Updated last month
• chaoticmachinery / mass_triage_tools
  Mass Triage Tools
  ☆20Updated 4 months ago
• forensicmatt / PyWindowsThingies
  Windows Thingies in Python for live use.
  ☆24Updated 5 years ago
• msuhanov / registry-miner
  Registry Miner
  ☆14Updated 6 years ago
• bsi-group / autorun-logger-server
  Server for receiving autorun data from the clients
  ☆13Updated 7 years ago
• ignacioj / mftf
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆36Updated 4 months ago
• Silv3rHorn / 4n6_misc
  Miscellaneous Scripts
  ☆17Updated 4 years ago
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆43Updated last year