thewhiteninja / ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
☆506 Updated last year
Alternatives and similar repositories for ntfstool:
Users that are interested in ntfstool are comparing it to the libraries listed below
- Dynamic unpacker based on PE-sieve ☆720 Updated 3 weeks ago
- The multi-platform memory acquisition tool. ☆772 Updated 4 months ago
- PE-bear (builds only) ☆775 Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆738 Updated last year
- A Pin Tool for tracing API calls etc ☆1,409 Updated 2 months ago
- Event Tracing For Windows (ETW) Resources ☆371 Updated 6 months ago
- A wireshark plugin to instrument ETW ☆555 Updated 3 years ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆616 Updated last month
- Library and tools to access the Windows New Technology File System (NTFS) ☆202 Updated 9 months ago
- Parses $MFT from NTFS file systems ☆235 Updated 3 weeks ago
- $MFT directory tree reconstruction & FILE record info ☆305 Updated 6 months ago
- View ETW Provider manifest ☆475 Updated 5 months ago
- Lnk Explorer Command line edition!! ☆298 Updated 3 months ago
- An index of Windows binaries, including download links for executables such as exe, dll and sys files ☆645 Updated this week
- Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation. ☆898 Updated 3 years ago
- Living Off The Land Drivers ☆1,147 Updated last week
- An AFF4 C++ implementation. ☆198 Updated 2 years ago
- Windows Object Explorer 64-bit ☆1,734 Updated last week
- A tool that shows detailed information about named pipes in Windows ☆620 Updated 5 months ago
- PoCs and tools for investigation of Windows process execution techniques ☆914 Updated last month
- Process Monitor X v2 ☆604 Updated last year
- Sysmon-Like research tool for ETW ☆353 Updated 2 years ago
- PEiD detects most common packers, cryptors and compilers for PE files. ☆282 Updated 8 years ago
- A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys… ☆345 Updated 2 months ago
- Linker/Compiler/Tool detector for Windows, Linux and MacOS. ☆551 Updated this week
- Important notes and topics on my journey towards mastering Windows Internals ☆374 Updated 11 months ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl ☆1,197 Updated last month
- Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows. ☆591 Updated 2 weeks ago
- An NTFS/FAT parser for digital forensics & incident response ☆200 Updated 5 months ago
- ☆508 Updated 3 months ago