sumeshi / ntfsdumpLinks
An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.
☆21Updated last year
Alternatives and similar repositories for ntfsdump
Users that are interested in ntfsdump are comparing it to the libraries listed below
Sorting:
- An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.☆26Updated last year
- Windows Event Log Knowledge Base☆26Updated 11 months ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆11Updated 3 months ago
- xlrd2 is a variant of xlrd that is actively maintained☆23Updated last year
- ☆57Updated 11 months ago
- volatility explorer☆92Updated 4 years ago
- Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff☆57Updated last week
- Rekall Memory Forensic Framework☆33Updated 6 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆79Updated last week
- NTFS samples☆25Updated 5 years ago
- Library for Windows XML Event Log (EVTX) data types☆18Updated last year
- Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…☆19Updated 7 months ago
- Utilities for working with vivisect☆25Updated 6 months ago
- ☆29Updated 3 weeks ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆44Updated 4 years ago
- Extension blocks as found in ShellBags and other places in the Registry☆25Updated 8 months ago
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆18Updated last year
- ☆25Updated last year
- ☆23Updated 11 months ago
- Autopsy Module to analyze Registry Hives☆15Updated 3 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Updated last year
- Invoke-DetectItEasy is a wrapper for excelent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.☆27Updated 3 years ago
- Generates YARA rules to detect malware using API hashing☆17Updated 4 years ago
- Tools for macOS Forensic Bootable media☆15Updated 5 years ago
- ☆23Updated 4 years ago
- Help deobfuscate VBScript☆16Updated 3 years ago
- Windows Process Lockdown Tool using Job Objects☆70Updated 11 years ago
- Windows link file (shortcuts) examiner☆68Updated last year
- Extract files from NTFS Volume☆33Updated 4 years ago