MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all.
-
Updated
May 10, 2023 - Python
#
ntfs-ads
Here are 4 public repositories matching this topic...
A syntactic sugar PS module for managing NTFS Alternate Data Streams
-
Updated
Aug 16, 2019 - PowerShell
Alternate Data Streams (ADS) in NTFS allow multiple data streams to be associated with a single file. In addition to the main data stream, files can store extra data under different names. This feature is often used for metadata but can also be exploited to hide information or malware within a file.
-
Updated
Dec 26, 2024
Improve this page
Add a description, image, and links to the ntfs-ads topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the ntfs-ads topic, visit your repo's landing page and select "manage topics."