MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all.
-
Updated
May 10, 2023 - Python
#
ntfs-journal
Here are 3 public repositories matching this topic...
-
Updated
Oct 3, 2017 - C#
Get-UsnJrnlInfo - Get UsnJrnl Information from extracted $Max file
-
Updated
Dec 20, 2021 - PowerShell
Improve this page
Add a description, image, and links to the ntfs-journal topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the ntfs-journal topic, visit your repo's landing page and select "manage topics."