| INDXRipper |
GitHub Release |
Carve file metadata from NTFS index ($I30) attributes |
ntfs, filesystem, forensics, metadata |
.bin |
|
| MFTBrowser |
GitHub Release |
$MFT directory tree reconstruction & FILE record info |
ntfs, filesystem, forensics |
.mft |
|
| OSFMount |
Winget |
OSFMount is a tool for mounting disk images and virtual hard disks as virtual drives. It can be used for analyzing disk images, accessing files within them, and performing forensic analysis on the mounted images. |
disk-forensics, filesystem |
.dd, .raw, .E01, .img, .vmdk, .iso |
|
| Sleuthkit |
GitHub Release |
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. |
disk-forensics, filesystem, forensics |
.dd, .raw, .E01, .img, .vmdk |
|
| dfir_ntfs |
Python |
An NTFS/FAT parser for digital forensics & incident response. |
ntfs, filesystem, forensics, disk-forensics |
.mft, .dd, .raw, .img |
|