GitHub / kero99 / mftmactime
MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dumps all resident files in the MFT in their original folder structure, and runs YARA rules over all of them.
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kero99%2Fmftmactime
PURL: pkg:github/kero99/mftmactime
Stars: 13
Forks: 2
Open issues: 0
License: None
Language: Python
Size: 32.2 KB
Dependencies parsed at: Pending
Created at: about 3 years ago
Updated at: 5 months ago
Pushed at: about 2 years ago
Last synced at: 3 months ago
Topics: forensics-tools, mft, ntfs, ntfs-ads, ntfs-journal, python