There are no reviews yet. Be the first to send feedback to the community and the maintainers!
RunAsTI
Launch processes with TrustedInstaller privilegeRawCopy
Commandline low level file extractor for NTFSMft2Csv
Extract $MFT record info and log it to a csv file.LogFileParser
Parser for $LogFile on NTFSExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volumeUsnJrnl2Csv
Parser for $UsnJrnl on NTFSSetMace
Manipulate timestamps on NTFSEaTools
Analysis and manipulation of extended attribute ($EA) on NTFSIndx2Csv
An advanced parser for INDX recordsPowerMft
Powerful commandline $MFT record editor.SectorIo
Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITESecure2Csv
Decode security descriptors in $Secure on NTFSNtfsFileExtractor
Extract files off NTFSMftCarver
Carve $MFT records from a chunk of data (for instance a memory dump)SetRegTime
Registry timestamp manipulationHideAndProtect
Makes files super hidden on NTFSNtSuspendProcess
Suspend and resume processes by using functions in ntdll.dll.MftRcrd
Command line $MFT record decoderStegoMft
PoC for hiding data within $MFTIndxCarver
Carve INDX records from a chunk of data.UsnJrnlCarver
Carving Usn pages (UsnJrnl records)MyDiskEraser
How to make your own disk erasing boot cd.NativeRegMod
A native application that can modify registryRegKeyFixer
Dealing with certain invalid registry keysRcrdCarver
Carve RCRD records ($LogFile) from a chunk of data.ProcessCritical
Manipulate ProcessBreakOnTermination in ProcessInfoClass on any process from command lineExtractAllAttributes
Extracts all attributes of files on NTFSMakeImage
Create graphic bitmap from binary data.ExtractFromDataRun
Extract files from NTFS by run listRemoveCertificate
Removes the authenticode digital signature (certificate) from an executableMakeContainer
Tools to create special containers for patched VeraCrypt/TrueCryptTiny_NTFS
Smallest possible size of a NTFS partitionHexDump
Dump binary data to console from file or diskPartDump
Utility to dump basic volume information from a disk object.Volsnap-Bug-Content
Content for a volsnap.sys bug analysisVeraCrypt
Tweaked version for supporting arbitrary offsets.GetProcAddressGUI
Retrieve shellcode formatted address of function from moduleBinary2Bmp
Turn any file into a bmpLove Open Source and this site? Check out how you can help us