nTimetools
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
A parser for the NTFS Master File Table. Using this tool you can explore the NTFS $MFT and its file system attributes. You can selectively extract filesystem information for a single record or for a range of records. In addition, you can export the contents of files. Exporting files can be achieved either by mounting the evidence and providing its physical drive order and partition number, or by using the acquired forensic image (Expert Witness Format) or virtual machine disk format. For example, you can now explore NTFS by providing the physical drive number and partition number, e.g. -physicaldrive 0 -partition 1 translates to \.\
Python tool for remote memory acquisition
A dfVFS-backed viewer project with a wxPython GUI, aiming to enhance file extraction and viewing capabilities.
A tool with advanced filtering capabilities for analyzing events based on time, path, weekday, and date.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.