A parser for the MFT (Master File Table) format
☆157Jan 3, 2026Updated 2 months ago
Alternatives and similar repositories for mft
Users that are interested in mft are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 3 months ago
- Python bindings for https://github.com/omerbenamram/evtx/☆55Jan 3, 2026Updated 2 months ago
- A Fast (and safe) parser for the Windows XML Event Log (EVTX) format☆892Feb 23, 2026Updated last month
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated last month
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 9 months ago
- Carve file metadata from NTFS index ($I30) attributes☆71Feb 3, 2024Updated 2 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- Information about the open-source-dfir slack community☆30Jun 17, 2023Updated 2 years ago
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21Feb 11, 2026Updated last month
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 5 years ago
- A small helper library for working with python file-like objects with rust.☆47Updated this week
- An NTFS/FAT parser for digital forensics & incident response☆224Oct 31, 2025Updated 4 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their ori…☆13May 10, 2023Updated 2 years ago
- analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multip…☆527Aug 13, 2025Updated 7 months ago
- Extract $MFT record info and log it to a csv file.☆288Oct 7, 2024Updated last year
- ☆21May 8, 2022Updated 3 years ago
- Parses $MFT from NTFS file systems☆305Feb 16, 2026Updated last month
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- ☆21Nov 19, 2025Updated 4 months ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆648Nov 7, 2025Updated 4 months ago
- MFT parser☆75Feb 2, 2025Updated last year
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- A Windows registry file parser written in Rust☆41Oct 30, 2025Updated 4 months ago
- ☆24Mar 12, 2025Updated last year
- NTFS samples☆27Aug 1, 2020Updated 5 years ago
- http://moaistory.blogspot.com/2016/08/ie10analyzer.html☆19Jul 20, 2024Updated last year
- CDIR Analyzer - parsers for data collected by CDIR Collector☆19Dec 11, 2025Updated 3 months ago
- Forensics tool for NTFS (parser, mft, bitlocker, deleted files)☆601Jul 23, 2023Updated 2 years ago
- ☆11Dec 9, 2025Updated 3 months ago
- A cross platform forensic parser written in Rust!☆102Updated this week
- USN to JSON☆22Apr 4, 2020Updated 5 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- MFT Fast Transcoder is a fast forensic tool to analyze MFT of NTFS partitions.☆12Feb 27, 2023Updated 3 years ago