4 tools and resources
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
Tool for parsing NTFS journal files, $Logfile, and $MFT.
