There are no reviews yet. Be the first to send feedback to the community and the maintainers!
RunAsTI
Launch processes with TrustedInstaller privilegeRawCopy
Commandline low level file extractor for NTFSMft2Csv
Extract $MFT record info and log it to a csv file.LogFileParser
Parser for $LogFile on NTFSExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volumeUsnJrnl2Csv
Parser for $UsnJrnl on NTFSSetMace
Manipulate timestamps on NTFSEaTools
Analysis and manipulation of extended attribute ($EA) on NTFSPowerMft
Powerful commandline $MFT record editor.Indx2Csv
An advanced parser for INDX recordsSectorIo
Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITESecure2Csv
Decode security descriptors in $Secure on NTFSNtfsFileExtractor
Extract files off NTFSSetRegTime
Registry timestamp manipulationHideAndProtect
Makes files super hidden on NTFSMftCarver
Carve $MFT records from a chunk of data (for instance a memory dump)MftRcrd
Command line $MFT record decoderNtSuspendProcess
Suspend and resume processes by using functions in ntdll.dll.StegoMft
PoC for hiding data within $MFTIndxCarver
Carve INDX records from a chunk of data.UsnJrnlCarver
Carving Usn pages (UsnJrnl records)MyDiskEraser
How to make your own disk erasing boot cd.NativeRegMod
A native application that can modify registryProcessCritical
Manipulate ProcessBreakOnTermination in ProcessInfoClass on any process from command lineExtractAllAttributes
Extracts all attributes of files on NTFSRcrdCarver
Carve RCRD records ($LogFile) from a chunk of data.RemoveCertificate
Removes the authenticode digital signature (certificate) from an executableMakeContainer
Tools to create special containers for patched VeraCrypt/TrueCryptMakeImage
Create graphic bitmap from binary data.Tiny_NTFS
Smallest possible size of a NTFS partitionExtractFromDataRun
Extract files from NTFS by run listPartDump
Utility to dump basic volume information from a disk object.RawDir
A low level dir command for NTFS volumesHexDump
Dump binary data to console from file or diskVolsnap-Bug-Content
Content for a volsnap.sys bug analysisVeraCrypt
Tweaked version for supporting arbitrary offsets.GetProcAddressGUI
Retrieve shellcode formatted address of function from moduleBinary2Bmp
Turn any file into a bmpLove Open Source and this site? Check out how you can help us