Category: $MFT Parser

Analyze MFT

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT

Permanent link to this article: http://www.darknessgate.com/2016/10/07/analyze-mft/

Mft2Csv

Extract $MFT record info and log it to a csv file. This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It is logging a large amount of data and that has been the main purpose from the very start. Having all this data in a csv …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2016/10/07/mft2csv/