MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all.
-
Updated
May 10, 2023 - Python
#
ntfs-journal
Here is 1 public repository matching this topic...
Improve this page
Add a description, image, and links to the ntfs-journal topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the ntfs-journal topic, visit your repo's landing page and select "manage topics."