This is an MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all. It uses Omer BenAmram's great MFT rust parsing libraries, which allows a great speed and efficiency in the process. The integration with the USN Journal parser allows to have in the same timeline the combined MFT and USN data. You can use as input files either individual files derived from a triage or a forensic image in RAW format or a mixture of both modes. In case the input is RAW the artifacts will be dumped in a selected directory.

MFTMactime Description

Triage

MFT

MFTMactime Media

No Media Yet

This tool doesn't have any media yet. Check the official website for screenshots and videos.

MFTMactime Features

Unlock all features

MFTMactime Integrations

Unlock all integrations

NIST CSF 2.0 Mapping

Access NIST CSF 2.0 data from thousands of security products via MCP to assess your stack coverage.

Access via MCP

No reviews yet

Be the first security professional to share your experience with MFTMactime. Your review helps CISOs and security teams make better decisions.

MFTMactime Vendor Resources

No Resources Listed

This tool doesn't have any vendor resources listed yet. Check the tool's official website for documentation, whitepapers, and other resources.

MFTMactime FAQ

Common questions about MFTMactime including features, pricing, alternatives, and user reviews.

What is MFTMactime?

MFTMactime is MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support. It is a Security Operations solution designed to help security teams with Triage, MFT.

What is the pricing for MFTMactime?

What are alternatives to MFTMactime?