dfir_ntfs
File system analyzer
A digital forensics tool for parsing and analyzing NTFS/FAT file systems.
An NTFS/FAT parser for digital forensics & incident response
196 stars
21 watching
30 forks
Language: Python
last commit: 4 months ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 fox-it/dissect.ntfs | A Dissect module implementing a parser for the NTFS file system used by Windows operating systems | 8 |
 thewhiteninja/ntfstool | A forensic tool for analyzing NTFS volumes and decrypting encrypted files | 485 |
 arxsys/dff | A framework for automating digital forensic analysis and incident response | 276 |
 forensicmatt/pancakeviewer | A graphical user interface for viewing and analyzing files and volumes in a forensic context | 40 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 790 |
 kero99/mftmactime | Analyzes and processes NTFS file system data to extract timeline information and run YARA rules for malware detection. | 12 |
 travisfoley/dfirtriage | A digital forensic tool designed to gather and analyze data from Windows-based systems in incident response scenarios. | 335 |
 williballenthin/indxparse | A tool suite for parsing NTFS artifacts and extracting information from INDX files. | 215 |
 jklepsercyber/defender-detectionhistory-parser | A Python-based tool for parsing and analyzing Windows Defender's DetectionHistory forensic artifact. | 110 |
 teamdfir/sift | A suite of tools and images for building and managing digital forensics environments on AWS | 494 |
| fox-it/dissect | A digital forensics framework that provides tools and parsers to analyze forensic artefacts from various disk and file formats. | 939 |
 idiom/pftriage | Tool to analyze files during malware analysis and triage by extracting properties and detecting malicious indicators. | 77 |
 codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 234 |
 poorbillionaire/usn-journal-parser | A Python script to parse the NTFS USN journal and extract metadata changes for forensic analysis. | 108 |
| fox-it/dissect.fat | A Dissect module implementing parsers for FAT and exFAT file systems. | 2 |