omerbenamram / mft

Related projects ⓘ

Alternatives and complementary repositories for mft

• puffyCid / artemis
  A cross platform forensic parser written in Rust!
  ☆67Updated this week
• strozfriedberg / notatin
  A Windows registry file parser written in Rust
  ☆36Updated last year
• omerbenamram / pyevtx-rs
  Python bindings for https://github.com/omerbenamram/evtx/
  ☆49Updated this week
• harelsegev / INDXRipper
  Carve file metadata from NTFS index ($I30) attributes
  ☆61Updated 9 months ago
• kacos2000 / MFT_Browser
  $MFT directory tree reconstruction & FILE record info
  ☆292Updated last month
• omerbenamram / evtx
  A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
  ☆694Updated 3 weeks ago
• EricZimmerman / MFT
  MFT parser
  ☆62Updated 8 months ago
• msuhanov / dfir_ntfs
  An NTFS/FAT parser for digital forensics & incident response
  ☆192Updated 2 weeks ago
• MagnetForensics / dumpit-linux
  Memory acquisition for Linux that makes sense.
  ☆156Updated last year
• strozfriedberg / sidr
  Search Index Database Reporter
  ☆92Updated 2 weeks ago
• forensicmatt / libtsk-rs
  Wrapper for TSK (Sleuth Kit) Bindings
  ☆11Updated last year
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆132Updated 3 weeks ago
• n4r1b / ferrisetw
  Basically a KrabsETW rip-off written in Rust
  ☆65Updated 3 months ago
• 0xrawsec / gene
  Signature engine for all your logs
  ☆161Updated last year
• EricZimmerman / MFTECmd
  Parses $MFT from NTFS file systems
  ☆202Updated this week
• Neo23x0 / Loki2
  LOKI2 - Simple IOC and YARA Scanner
  ☆80Updated 3 months ago
• omerbenamram / winstructs
  Parsers for common structures across windows formats.
  ☆12Updated last year
• forensicmatt / RsWindowsThingies
  Windows Thingies... but in Rust
  ☆23Updated 2 years ago
• mkorman90 / regipy
  Regipy is an os independent python library for parsing offline registry hives
  ☆244Updated 2 months ago
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆145Updated last month
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆49Updated last year
• theAtropos4n6 / Partition-4DiagnosticParser
  Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.
  ☆19Updated 11 months ago
• avast / yarang
  Alternative YARA scanning engine
  ☆67Updated 2 years ago
• Neo23x0 / YARA-Performance-Guidelines
  A guide on how to write fast and memory friendly YARA rules
  ☆126Updated last year
• nasbench / EVTX-ETW-Resources
  Event Tracing For Windows (ETW) Resources
  ☆349Updated last month
• dfir-dd / dionysos
  Scanner for certain IoCs
  ☆11Updated 7 months ago
• moaistory / WinSearchDBAnalyzer
  http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
  ☆119Updated 4 months ago
• Digital-Forensics-Discord-Server / ArtifactParsers
  A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
  ☆51Updated last week
• forensicmatt / RustyUsn
  USN to JSON
  ☆22Updated 4 years ago
• Hugal31 / yara-rust
  Rust bindings for VirusTotal/Yara
  ☆77Updated 2 months ago