Sign up for your own profile on GitHub, the best place to host code, manage projects, and build software alongside 28 million developers.
Hide content and notifications from this user.
Contact Support about this user’s behavior.
Parser for $UsnJrnl on NTFS
Launch processes with TrustedInstaller privilege
Commandline low level file extractor for NTFS
Create graphic bitmap from binary data.
Tools to create special containers for patched VeraCrypt/TrueCrypt
An advanced parser for INDX records
Tweaked version for supporting arbitrary offsets.
Extract $MFT record info and log it to a csv file.
Command line $MFT record decoder
Parser for $LogFile on NTFS
Decode security descriptors in $Secure on NTFS
Tool to extract the $UsnJrnl from an NTFS volume
Carve $MFT records from a chunk of data (for instance a memory dump)
Carve INDX records from a chunk of data.
Carve RCRD records ($LogFile) from a chunk of data.
Dump binary data to console from file or disk
Utility to dump basic volume information from a disk object.
Carving Usn pages (UsnJrnl records)
Resolve file index number to name or vice versa on NTFS
A low level dir command for NTFS volumes
Powerful commandline $MFT record editor.
Analysis and manipulation of extended attribute ($EA) on NTFS
Manipulate timestamps on NTFS
Extract files off NTFS
Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITE
PoC for hiding data within $MFT
Makes files super hidden on NTFS
Extracts all attributes of files on NTFS
Smallest possible size of a NTFS partition
A native application that can modify registry