Tag Archives: NTFS

Autopsy – Digital Forensic Program and Sleuth Kit GUI

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military

NTFS Log Tracker – Tool to Parse NTFS Logs

NTFS Log Tracker is a tool that can parse the $LogFile and $UsnJrnl of NTFS. The input of this tool is a sample file extracted by another tool such as EnCase or WinHex.

NTFS Journal Viewer – Tool to Investigate NTFS Changes

NTFS Journal Viewer (JV) is a portable tool that extracts and parses the NTFS change journal ($UsnJrnl) file. The change journal is a file that records when changes are made to files and directories and therefore can provide a wealth

AlternateStreamView – Tool to Investigate ADS File System

AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system.

RecuperaBit – Tool for Forensic File Reconstruction

RecuperaBit is software that attempts to reconstruct file system structures and recover files.

MFTDump – Tool to Parse MFT Files

MFTDump is a tool that provides a quick and easy way to extract forensic metadata from an NTFS volume $MFT file.