jschicht

Researcher and Forensic Analyst

Norway, Bergen

Pinned Repositories

EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
Language:AutoIt39 8 313
ExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volume
Language:AutoIt105 13 720
Indx2Csv
An advanced parser for INDX records
Language:AutoIt27 5 04
LogFileParser
Parser for $LogFile on NTFS
Language:AutoIt192 21 428
Mft2Csv
Extract $MFT record info and log it to a csv file.
Language:AutoIt263 22 1230
PowerMft
Powerful commandline $MFT record editor.
Language:AutoIt23 4 05
RawCopy
Commandline low level file extractor for NTFS
Language:AutoIt277 31 2742
RunAsTI
Launch processes with TrustedInstaller privilege
Language:AutoIt404 24 1079
SetMace
Manipulate timestamps on NTFS
Language:AutoIt50 5 57
UsnJrnl2Csv
Parser for $UsnJrnl on NTFS
Language:AutoIt108 16 115

jschicht's Repositories

jschicht/RunAsTI
Launch processes with TrustedInstaller privilege
Language:AutoIt404 24 1079
jschicht/RawCopy
Commandline low level file extractor for NTFS
Language:AutoIt277 31 2742
jschicht/Mft2Csv
Extract $MFT record info and log it to a csv file.
Language:AutoIt263 22 1230
jschicht/LogFileParser
Parser for $LogFile on NTFS
Language:AutoIt192 21 428
jschicht/UsnJrnl2Csv
Parser for $UsnJrnl on NTFS
Language:AutoIt108 16 115
jschicht/ExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volume
Language:AutoIt105 13 720
jschicht/SetMace
Manipulate timestamps on NTFS
Language:AutoIt50 5 57
jschicht/EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
Language:AutoIt39 8 313
jschicht/Indx2Csv
An advanced parser for INDX records
Language:AutoIt27 5 04
jschicht/PowerMft
Powerful commandline $MFT record editor.
Language:AutoIt23 4 05
jschicht/SectorIo
Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITE
Language:C22 8 215
jschicht/Secure2Csv
Decode security descriptors in $Secure on NTFS
Language:AutoIt20 4 14
jschicht/NtfsFileExtractor
Extract files off NTFS
Language:AutoIt19 6 07
jschicht/MftCarver
Carve $MFT records from a chunk of data (for instance a memory dump)
Language:AutoIt16 3 04
jschicht/HideAndProtect
Makes files super hidden on NTFS
Language:AutoIt15 5 03
jschicht/StegoMft
PoC for hiding data within $MFT
Language:AutoIt12 3 01
jschicht/MftRcrd
Command line $MFT record decoder
Language:AutoIt11 5 27
jschicht/UsnJrnlCarver
Carving Usn pages (UsnJrnl records)
Language:AutoIt10 5 01
jschicht/IndxCarver
Carve INDX records from a chunk of data.
Language:AutoIt9 3 02
jschicht/RcrdCarver
Carve RCRD records ($LogFile) from a chunk of data.
Language:AutoIt6 4 02
jschicht/ExtractAllAttributes
Extracts all attributes of files on NTFS
Language:AutoIt5 3 0
jschicht/MakeContainer
Tools to create special containers for patched VeraCrypt/TrueCrypt
Language:AutoIt4 3 0
jschicht/MakeImage
Create graphic bitmap from binary data.
Language:AutoIt4 3 0
jschicht/HexDump
Dump binary data to console from file or disk
Language:AutoIt3 3 0
jschicht/PartDump
Utility to dump basic volume information from a disk object.
Language:AutoIt3 3 1
jschicht/RawDir
A low level dir command for NTFS volumes
Language:AutoIt3 4 03
jschicht/Tiny_NTFS
Smallest possible size of a NTFS partition
3 3 1
jschicht/VeraCrypt
Tweaked version for supporting arbitrary offsets.
Language:C1 3 0
jschicht/Volsnap-Bug-Content
Content for a volsnap.sys bug analysis
Language:PowerShell1 2 0
jschicht/MftRef2Name
Resolve file index number to name or vice versa on NTFS
Language:AutoIt4 02