ntfstool
NTFS analyzer
A forensic tool for analyzing NTFS volumes and decrypting encrypted files
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
485 stars
23 watching
98 forks
Language: C++
last commit: over 2 years ago bitlockerbtreecompresseddiskefsfvegptlogfilembrmftntfsparserreparsesmartsparseundeleteusnvbrvmkvss
Related projects:
| Repository | Description | Stars |
|---|---|---|
 williballenthin/python-ntfs | A Python library for analyzing and working with NTFS file systems. | 81 |
 msuhanov/dfir_ntfs | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 196 |
 kero99/mftmactime | Analyzes and processes NTFS file system data to extract timeline information and run YARA rules for malware detection. | 12 |
 xplico/xplico | Analyzes network traffic data from captured packets to extract and decode specific protocols and information. | 183 |
| williballenthin/indxparse | A tool suite for parsing NTFS artifacts and extracting information from INDX files. | 215 |
 nesfit/netfoxdetective | A network forensic analysis tool that extracts content from communication protocols and visualizes it in various ways | 38 |
 pjrinaldi/wombatforensics | A multi-threaded GUI forensic analysis tool for Linux | 48 |
 nachoparker/dutree | A tool to analyze and visualize file system usage in various formats | 827 |
 fox-it/dissect.ntfs | A Dissect module implementing a parser for the NTFS file system used by Windows operating systems | 8 |
 0x4d31/fatt | A tool for extracting network metadata and fingerprints from packet capture files or live network traffic. | 661 |
 antagon/tchunt-ng | A tool that uses various tests to identify and analyze encrypted files on a filesystem. | 52 |
| fox-it/dissect.vmfs | A Dissect module parsing VMFS file system structure and layout | 3 |
 lazza/recuperabit | A tool to analyze and reconstruct damaged file systems | 549 |
| fox-it/dissect.xfs | A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions. | 2 |
 aarsakian/mftextractor | Tool to parse and extract information from NTFS Master File Table (MFT) files. | 14 |