mftmactime
NTFS analyzer
Analyzes and processes NTFS file system data to extract timeline information and run YARA rules for malware detection.
MFT and USN journal parser that extracts directly to the mactime filesystem timeline format, dumps all resident files in the MFT into their original folder structure, and runs YARA rules over all of them.
12 stars
2 watching
2 forks
Language: Python
last commit: over 1 year ago
Linked from 1 awesome list
Tags: forensics-tools, mft, ntfs, ntfs-ads, ntfs-journal, python
Related projects:
Repository | Description | Stars |
---|---|---|
thewhiteninja/ntfstool | A forensic tool for analyzing NTFS volumes and decrypting encrypted files | 478 |
mitre/multiscanner | Automated file analysis framework with modular design and distributed workflow | 617 |
msuhanov/dfir_ntfs | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 191 |
aarsakian/mftextractor | Tool to parse and extract information from NTFS Master File Table (MFT) files. | 14 |
williballenthin/python-ntfs | A Python library for analyzing and working with NTFS file systems. | 80 |
k-sec-tools/yarafilecheckerlib | A YARA-based library to analyze files and archives for potential maliciousness | 2 |
evild3ad/memprocfs-analyzer | Automated forensic analysis tool for Windows memory dumps | 540 |
xplico/xplico | Analyzes network traffic data from captured packets to extract and decode specific protocols and information. | 182 |
poorbillionaire/usn-journal-parser | A Python script to parse the NTFS USN journal and extract metadata changes for forensic analysis. | 107 |
xumeiquer/yara-forensics | A set of Yara rules for forensic file analysis | 135 |
usualsuspect/malscan | A tool to detect and analyze malicious code in process memory by executing Python scripts on YARA matches | 12 |
n0fate/volafox | A memory analysis toolkit for macOS developed in Python | 165 |
lprat/static_file_analysis | Analyzes files to detect malware and extract embedded content | 49 |
ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 781 |
sambaranban/fscnmf | Provides code and data support for FSCNMF, a network representation technique. | 2 |