thewhiteninja / ntfstoolLinks
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
☆538Updated 2 years ago
Alternatives and similar repositories for ntfstool
Users that are interested in ntfstool are comparing it to the libraries listed below
Sorting:
- The multi-platform memory acquisition tool.☆843Updated 3 months ago
- PE-bear (builds only)☆782Updated 2 years ago
- Dynamic unpacker based on PE-sieve☆760Updated last week
- View ETW Provider manifest☆530Updated 10 months ago
- Lnk Explorer Command line edition!!☆324Updated 8 months ago
- Parses $MFT from NTFS file systems☆263Updated 4 months ago
- $MFT directory tree reconstruction & FILE record info☆311Updated 11 months ago
- A wireshark plugin to instrument ETW☆569Updated 3 years ago
- Linker/Compiler/Tool detector for Windows, Linux and MacOS.☆570Updated this week
- Living Off The Land Drivers☆1,286Updated last week
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆675Updated 2 months ago
- Event Tracing For Windows (ETW) Resources☆399Updated 11 months ago
- Prefetch Explorer Command Line☆269Updated 8 months ago
- An index of Windows binaries, including download links for executables such as exe, dll and sys files☆702Updated this week
- Library and tools to access the Windows New Technology File System (NTFS)☆216Updated last year
- Windows registry file format specification☆345Updated 6 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆774Updated last year
- Windows System Explorer☆866Updated last year
- A Pin Tool for tracing API calls etc☆1,536Updated last week
- A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys…☆391Updated 8 months ago
- PE file viewer/editor for Windows, Linux and MacOS.☆1,141Updated this week
- Process Monitor X v2☆632Updated last year
- Windows Registry Knowledge Base☆186Updated 11 months ago
- A tool that shows detailed information about named pipes in Windows☆695Updated 10 months ago
- Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.☆646Updated 3 weeks ago
- A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to …☆310Updated 2 months ago
- Regshot is a small, free and open-source registry compare utility that allows you to quickly take a snapshot of your registry and then co…☆415Updated 6 years ago
- A Binary Genetic Traits Lexer Framework☆515Updated last month
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆633Updated this week
- Windows kernel and user mode emulation.☆1,757Updated 5 months ago