Alternatives and similar repositories for ntfsdump

Users that are interested in ntfsdump are comparing it to the libraries listed below

• sumeshi / ntfsfind
  An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.
  ☆26Updated last year
• libyal / winevt-kb
  Windows Event Log Knowledge Base
  ☆26Updated 9 months ago
• memoryforensics1 / VolExp
  volatility explorer
  ☆91Updated 4 years ago
• tokesr / usb_investigator
  ☆9Updated 5 years ago
• DissectMalware / yaradbg-backend
  ☆25Updated last year
• ArsenalRecon / SdbaParser
  Parser for Sdba memory pool tags
  ☆18Updated 4 years ago
• msuhanov / ntfs-samples
  NTFS samples
  ☆25Updated 4 years ago
• ydkhatri / Appx-Analysis
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆16Updated last year
• tccontre / KnowledgeBase
  Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff
  ☆55Updated 5 months ago
• sumeshi / mft2es
  A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.
  ☆11Updated 3 weeks ago
• mandiant / win10_rekall
  Rekall Memory Forensic Framework
  ☆32Updated 5 years ago
• herosi / triage-collector
  ☆22Updated 9 months ago
• DissectMalware / xlrd2
  xlrd2 is a variant of xlrd that is actively maintained
  ☆23Updated 11 months ago
• analyzeDFIR / analyzePF
  Tool for analysis of Windows Prefetch files
  ☆26Updated 6 years ago
• re-fox / documentation
  ☆13Updated 4 years ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆68Updated last year
• stairwell-inc / threat-research
  Repository of tools, YARA rules, and code-snippets from Stairwell's research team.
  ☆22Updated last year
• mandiant / vbScript_deobfuscator
  Help deobfuscate VBScript
  ☆15Updated 3 years ago
• 0xHasanM / Autopsy-Registry-Explorer
  Autopsy Module to analyze Registry Hives
  ☆15Updated 3 years ago
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Updated 3 years ago
• ydkhatri / macOS_FE
  Tools for macOS Forensic Bootable media
  ☆15Updated 5 years ago
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆46Updated 2 years ago
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆75Updated 6 months ago
• ssp4rk / threatintel
  ☆11Updated 4 years ago
• williballenthin / viv-utils
  Utilities for working with vivisect
  ☆25Updated 4 months ago
• EricZimmerman / OleCf
  Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…
  ☆19Updated 5 months ago
• JPCERTCC / etw-scan
  ETW forensic tool for Volatility3 plugin
  ☆15Updated 8 months ago
• cube0x8 / ChromeRagamuffin
  Google Chrome internals analysis using Volatility
  ☆42Updated 2 years ago
• 0xThiebaut / Signatures
  🚧 Currently transfering TLP:CLEAR rules from TLP:AMBER repository...
  ☆21Updated last year
• JPCERTCC / QuasarRAT-Analysis
  QuasarRAT analysis tools and research report
  ☆27Updated last year