MFTMactime
This is an MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all. It uses Omer BenAmram's great MFT rust parsing libraries, which allows a great speed and efficiency in the process. The integration with the USN Journal parser allows to have in the same timeline the combined MFT and USN data. You can use as input files either individual files derived from a triage or a forensic image in RAW format or a mixture of both modes. In case the input is RAW the artifacts will be dumped in a selected directory.
FEATURES
ALTERNATIVES
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
A tool for triaging crash files with various output formats and debugging engine options.
Open Source computer forensics platform with modular design for easy automation and scripting.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.