An NTFS parser for digital forensics & incident response
Type Name Latest commit message Commit time
dfir_ntfs Minor update. Jul 26, 2019
test_data Update. Jul 20, 2019
ChangeLog Minor update. Jul 26, 2019
License Initial release (beta). Feb 13, 2019
License.Python-LLFUSE Update. Jul 15, 2019
ReadMe Minor update. Jul 26, 2019
ntfs_parser Update. Jul 7, 2019
setup.py Minor update. Jul 15, 2019
test_cases.py
vsc_mount Minor update. Jul 26, 2019

ReadMe

dfir_ntfs: an NTFS parser for digital forensics & incident response
(Python 3 only.)

1. Project goals

- Parse $MFT, $UsnJrnl:$J, $LogFile files, extract as much data as possible.
- Parse volumes and volume images.

2. Installation

# pip3 install https://github.com/msuhanov/dfir_ntfs/archive/1.0.0-beta19.tar.gz

3. License

This project is made available under the terms of the GNU GPL, version 3.
See the 'License' file.

The first exception is the "nist-hacking-case.mft" file.
This file is from the NIST Hacking Case, which is distributed by NIST. See
the 'Use of NIST Information' section here: <https://www.nist.gov/disclaimer>.

The second exception is boot code embedded in some test data.
This code is not covered by the GNU GPL, version 3.

(All exceptions are in the "test_data" directory, which is not installed.)

---
(c) Maxim Suhanov