MFT Parsers Review
Review of various MFT parsers used in digital forensics for analyzing NTFS file systems.
liblnk is a library to access the Windows Shortcut File (LNK) format. It provides a way to read and parse LNK files, with planned features including data block support, shell item support, and multi-threading support. The library is currently in alpha status and is licensed under LGPLv3+.
Open source Python library for NTFS analysis
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
Digital investigation tool for extracting forensic data from computers and managing investigations.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.