MFT_Browser

Free
Updated 11 March 2025

Recreates the file/directory tree structure from an (extracted) $MFT file. Supports both 1024- and 4096-byte records.

Can carve FILE records and recreate a directory tree from a raw image (v.60+). Can extract the $MFT and recreate the directory tree from a mounted NTFS volume; the volume must have a drive letter (v.60+).

Latest Version: [Dependencies] .NET Framework 4.8, PowerShell Version: 5.1.

The 'Node Properties' right-click option, or double-clicking any file/directory entry, shows the full MFT details for that record. Clicking any detail of the record shows the source of that detail in the hex view grid. All timestamps are in UTC.

Standalone GUI calculator for dataruns: MFT_dataruns.

Note: Recreating the directory tree from large MFT files might take a lot of time (possibly hour(s)), as it needs to map each child record to its parent node, and as the structure grows, the time needed grows exponentially.

$MFT Structures (pdf), Using MFTbrowser (pdf), How to view a single record from a large MFT file (pdf), Reparse point examples (pdf). Small test $MFT files to play with can be found on the provided links.

SIMILAR TOOLS

Digital investigation tool for extracting forensic data from computers and managing investigations.

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.

A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.

A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.

A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.

Automated Mac Forensic Triage Collector
