Alternatives and similar repositories for ntfsdump

Users that are interested in ntfsdump are comparing it to the libraries listed below

• sumeshi / ntfsfind
  An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.
  ☆26Updated last year
• libyal / winevt-kb
  Windows Event Log Knowledge Base
  ☆27Updated this week
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆79Updated last month
• ydkhatri / macOS_FE
  Tools for macOS Forensic Bootable media
  ☆15Updated 5 years ago
• DissectMalware / xlrd2
  xlrd2 is a variant of xlrd that is actively maintained
  ☆23Updated last year
• herosi / triage-collector
  ☆23Updated last year
• ufrisk / MemProcFS-plugins
  ☆59Updated last year
• sumeshi / mft2es
  A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.
  ☆11Updated 3 months ago
• tccontre / KnowledgeBase
  Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff
  ☆57Updated last month
• msuhanov / ntfs-samples
  NTFS samples
  ☆25Updated 5 years ago
• memoryforensics1 / VolExp
  volatility explorer
  ☆92Updated 4 years ago
• DissectMalware / yaradbg-backend
  ☆25Updated last year
• AndrewRathbun / VanillaWindowsRegistryHives
  A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…
  ☆48Updated 2 weeks ago
• ydkhatri / Appx-Analysis
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆18Updated last year
• EricZimmerman / ExtensionBlocks
  Extension blocks as found in ShellBags and other places in the Registry
  ☆25Updated 9 months ago
• c3rb3ru5d3d53c / karton-unpacker
  A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.
  ☆58Updated 4 years ago
• NTFSparse / ntfs_parse
  NTFS parser, plus linking capabilites between MFT LogFile and UsnJrnl
  ☆37Updated 9 years ago
• Cainor / Calendarinho
  Manage Your Large Team of Consultants
  ☆11Updated last month
• stairwell-inc / threat-research
  Repository of tools, YARA rules, and code-snippets from Stairwell's research team.
  ☆23Updated last year
• EricZimmerman / OleCf
  Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…
  ☆19Updated 8 months ago
• EricZimmerman / WxTCmd
  ☆21Updated last month
• avast / yls
  YARA Language Server
  ☆73Updated this week
• analyzeDFIR / analyzePF
  Tool for analysis of Windows Prefetch files
  ☆26Updated 6 years ago
• memprocfshunt / MemProcFSHunter
  A powershell parser for https://github.com/ufrisk/MemProcFS
  ☆43Updated 4 years ago
• iAbdullahMughal / dscan
  D-Scan project for office document analysis and generating flow diagram of macro in documents. For demo visit
  ☆29Updated 3 months ago
• 5ha0 / fortools
  ☆14Updated 5 years ago
• msuhanov / winmem_decompress
  Extract compressed memory pages from page-aligned data
  ☆46Updated 7 years ago
• forensicmatt / libtsk-rs
  Wrapper for TSK (Sleuth Kit) Bindings
  ☆12Updated 2 years ago
• sandflysecurity / sandfly-file-decloak
  Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
  ☆27Updated 2 weeks ago
• hasherezade / tag_converter
  ☆23Updated 4 years ago