MFTMactime Logo

MFTMactime

0
Free
Updated 11 March 2025
Digital Forensics
Mft
File System
Forensic Analysis
Triage
Visit Website

This is an MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all. It uses Omer BenAmram's great MFT rust parsing libraries, which allows a great speed and efficiency in the process. The integration with the USN Journal parser allows to have in the same timeline the combined MFT and USN data. You can use as input files either individual files derived from a triage or a forensic image in RAW format or a mixture of both modes. In case the input is RAW the artifacts will be dumped in a selected directory.

FEATURES

EXPLORE BY TAGS

Mft

File System

Forensic Analysis

Triage

SIMILAR TOOLS

USN-Journal-Parser Logo
USN-Journal-Parser

Python script to parse the NTFS USN Change Journal.

Free
Digital Forensics
APFS FUSE Driver for Linux Logo
APFS FUSE Driver for Linux

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

Free
Digital Forensics
imagemounter Logo
imagemounter

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.

Free
Digital Forensics
bstrings Logo
bstrings

A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.

Free
Digital Forensics
libvmdk Logo
libvmdk

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

Free
Digital Forensics
Orochi Logo
Orochi

Orochi is a collaborative forensic memory dump analysis framework.

Free
Digital Forensics
libevtx Logo
libevtx

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Free
Digital Forensics
Diffy (DEPRECATED) Logo
Diffy (DEPRECATED)

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.

Free
Digital Forensics
cabextract Logo
cabextract

Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.

Free
Digital Forensics

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy