thewhiteninja / ntfstoolLinks
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
☆519Updated last year
Alternatives and similar repositories for ntfstool
Users that are interested in ntfstool are comparing it to the libraries listed below
Sorting:
- The multi-platform memory acquisition tool.☆797Updated 6 months ago
- PE-bear (builds only)☆779Updated last year
- A Pin Tool for tracing API calls etc☆1,439Updated last month
- Dynamic unpacker based on PE-sieve☆732Updated last week
- View ETW Provider manifest☆489Updated 7 months ago
- Event Tracing For Windows (ETW) Resources☆386Updated 8 months ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces☆976Updated last year
- Process Monitor X v2☆613Updated last year
- A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys…☆352Updated 4 months ago
- Linker/Compiler/Tool detector for Windows, Linux and MacOS.☆557Updated this week
- $MFT directory tree reconstruction & FILE record info☆305Updated 7 months ago
- Library and tools to access the Windows New Technology File System (NTFS)☆208Updated 10 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆627Updated 2 months ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆750Updated last year
- Converts a EXE into DLL☆1,313Updated 3 weeks ago
- Parses $MFT from NTFS file systems☆243Updated 3 weeks ago
- A DTrace on Windows Reimplementation☆348Updated 4 months ago
- Windows kernel and user mode emulation.☆1,658Updated 2 months ago
- A tool that shows detailed information about named pipes in Windows☆645Updated 6 months ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,222Updated last week
- Windows System Explorer☆853Updated last year
- An index of Windows binaries, including download links for executables such as exe, dll and sys files☆656Updated this week
- Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.☆610Updated last week
- A Binary Genetic Traits Lexer Framework☆494Updated 3 months ago
- Windows Object Explorer 64-bit☆1,760Updated this week
- Prefetch Explorer Command Line☆256Updated 4 months ago
- Important notes and topics on my journey towards mastering Windows Internals☆389Updated last year
- A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to …☆294Updated 2 years ago
- Living Off The Land Drivers☆1,180Updated 2 weeks ago
- Win32 and Kernel abusing techniques for pentesters☆954Updated last year