A parser for the MFT (Master File Table) format
☆156Jan 3, 2026Updated 2 months ago
Alternatives and similar repositories for mft
Users that are interested in mft are comparing it to the libraries listed below
Sorting:
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 2 months ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated 2 weeks ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- A Fast (and safe) parser for the Windows XML Event Log (EVTX) format☆885Feb 23, 2026Updated last week
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21Feb 11, 2026Updated 3 weeks ago
- Carve file metadata from NTFS index ($I30) attributes☆71Feb 3, 2024Updated 2 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Python bindings for https://github.com/omerbenamram/evtx/☆55Jan 3, 2026Updated 2 months ago
- Parses $MFT from NTFS file systems☆301Feb 16, 2026Updated 2 weeks ago
- MFT parser☆74Feb 2, 2025Updated last year
- ☆21May 8, 2022Updated 3 years ago
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 4 years ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response☆220Oct 31, 2025Updated 4 months ago
- Information about the open-source-dfir slack community☆30Jun 17, 2023Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 4 months ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆523Aug 13, 2025Updated 6 months ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- USN to JSON☆22Apr 4, 2020Updated 5 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- Extract $MFT record info and log it to a csv file.☆287Oct 7, 2024Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆646Nov 7, 2025Updated 3 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated 2 months ago
- http://moaistory.blogspot.com/2016/08/ie10analyzer.html☆19Jul 20, 2024Updated last year
- ☆21Nov 19, 2025Updated 3 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Forensics tool for NTFS (parser, mft, bitlocker, deleted files)☆596Jul 23, 2023Updated 2 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago
- NTFS samples☆27Aug 1, 2020Updated 5 years ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆214Feb 16, 2026Updated 2 weeks ago
- CDIR Analyzer - parsers for data collected by CDIR Collector☆17Dec 11, 2025Updated 2 months ago
- MFT Fast Transcoder is a fast forensic tool to analyze MFT of NTFS partitions.☆12Feb 27, 2023Updated 3 years ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆51Jan 9, 2026Updated last month