omerbenamram / mft
A parser for the MFT (Master File Table) format
☆124, updated last year
Related projects:
- A cross platform forensic parser written in Rust! (☆61, updated this week)
- A Fast (and safe) parser for the Windows XML Event Log (EVTX) format (☆652, updated 2 weeks ago)
- $MFT directory tree reconstruction & FILE record info (☆282, updated 7 months ago)
- An NTFS/FAT parser for digital forensics & incident response (☆189, updated last year)
- Parses $MFT from NTFS file systems (☆183, updated this week)
- MFT parser (☆58, updated 6 months ago)
- Python bindings for https://github.com/omerbenamram/evtx/ (☆47, updated 3 weeks ago)
- Command line access to the Registry (☆123, updated 2 weeks ago)
- Carve file metadata from NTFS index ($I30) attributes (☆58, updated 7 months ago)
- A Windows registry file parser written in Rust (☆35, updated last year)
- Windows Registry Knowledge Base (☆158, updated 5 months ago)
- Wrapper for TSK (Sleuth Kit) Bindings (☆11, updated last year)
- Basically a KrabsETW rip-off written in Rust (☆64, updated last month)
- USN to JSON (☆22, updated 4 years ago)
- Regipy is an OS-independent Python library for parsing offline registry hives (☆240, updated 3 weeks ago)
- Clean interface for the Windows event log (☆23, updated 3 months ago)
- Tool suite for inspecting NTFS artifacts. (☆213, updated 10 months ago)
- Library to handle the files in zff format (file format to store and handle forensic acquisitions). (☆20, updated 2 weeks ago)
- Signature engine for all your logs (☆156, updated 10 months ago)
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … (☆139, updated 2 months ago)
- Search Index Database Reporter (☆87, updated last year)
- Full featured, offline Registry parser in C# (☆218, updated 2 weeks ago)
- Windows Thingies... but in Rust (☆23, updated last year)
- Yet another registry parser (☆128, updated 2 years ago)
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. (☆109, updated 2 years ago)
- C# based evtx parser with lots of extras (☆266, updated 2 weeks ago)
- Python bindings for https://github.com/omerbenamram/mft (☆18, updated last year)
- Memory acquisition for Linux that makes sense. (☆143, updated 10 months ago)
- Framework definitions that allow building a custom SIEM. (☆24, updated 5 months ago)
- Rust crate for accessing keys, values, and data stored in Windows hive (registry) files. (☆45, updated last year)