jschicht

Researcher and Forensic Analyst

Norway, Bergen

Pinned Repositories

EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
Language:AutoIt38 8 313
ExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volume
Language:AutoIt103 13 719
Indx2Csv
An advanced parser for INDX records
Language:AutoIt24 5 04
LogFileParser
Parser for $LogFile on NTFS
Language:AutoIt183 21 430
Mft2Csv
Extract $MFT record info and log it to a csv file.
Language:AutoIt251 22 1231
PowerMft
Powerful commandline $MFT record editor.
Language:AutoIt22 4 05
RawCopy
Commandline low level file extractor for NTFS
Language:AutoIt269 32 2742
RunAsTI
Launch processes with TrustedInstaller privilege
Language:AutoIt374 25 975
SetMace
Manipulate timestamps on NTFS
Language:AutoIt44 5 57
UsnJrnl2Csv
Parser for $UsnJrnl on NTFS
Language:AutoIt100 16 114

jschicht's Repositories

jschicht/RunAsTI
Launch processes with TrustedInstaller privilege
Language:AutoIt374 25 975
jschicht/RawCopy
Commandline low level file extractor for NTFS
Language:AutoIt269 32 2742
jschicht/Mft2Csv
Extract $MFT record info and log it to a csv file.
Language:AutoIt251 22 1231
jschicht/LogFileParser
Parser for $LogFile on NTFS
Language:AutoIt183 21 430
jschicht/ExtractUsnJrnl
Tool to extract the $UsnJrnl from an NTFS volume
Language:AutoIt103 13 719
jschicht/UsnJrnl2Csv
Parser for $UsnJrnl on NTFS
Language:AutoIt100 16 114
jschicht/SetMace
Manipulate timestamps on NTFS
Language:AutoIt44 5 57
jschicht/EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
Language:AutoIt38 8 313
jschicht/Indx2Csv
An advanced parser for INDX records
Language:AutoIt24 5 04
jschicht/PowerMft
Powerful commandline $MFT record editor.
Language:AutoIt22 4 05
jschicht/SectorIo
Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITE
Language:C22 8 215
jschicht/Secure2Csv
Decode security descriptors in $Secure on NTFS
Language:AutoIt20 4 14
jschicht/NtfsFileExtractor
Extract files off NTFS
Language:AutoIt18 6 07
jschicht/MftCarver
Carve $MFT records from a chunk of data (for instance a memory dump)
Language:AutoIt16 3 04
jschicht/HideAndProtect
Makes files super hidden on NTFS
Language:AutoIt14 4 03
jschicht/MftRcrd
Command line $MFT record decoder
Language:AutoIt11 5 27
jschicht/StegoMft
PoC for hiding data within $MFT
Language:AutoIt11 3 01
jschicht/IndxCarver
Carve INDX records from a chunk of data.
Language:AutoIt9 3 01
jschicht/UsnJrnlCarver
Carving Usn pages (UsnJrnl records)
Language:AutoIt8 5 01
jschicht/ExtractAllAttributes
Extracts all attributes of files on NTFS
Language:AutoIt6 3 0
jschicht/RcrdCarver
Carve RCRD records ($LogFile) from a chunk of data.
Language:AutoIt5 4 02
jschicht/MakeContainer
Tools to create special containers for patched VeraCrypt/TrueCrypt
Language:AutoIt4 3 0
jschicht/MakeImage
Create graphic bitmap from binary data.
Language:AutoIt4 3 0
jschicht/HexDump
Dump binary data to console from file or disk
Language:AutoIt3
jschicht/PartDump
Utility to dump basic volume information from a disk object.
Language:AutoIt3 3 1
jschicht/RawDir
A low level dir command for NTFS volumes
Language:AutoIt3 4 03
jschicht/Tiny_NTFS
Smallest possible size of a NTFS partition
3 3 0
jschicht/VeraCrypt
Tweaked version for supporting arbitrary offsets.
Language:C1 3 0
jschicht/Volsnap-Bug-Content
Content for a volsnap.sys bug analysis
Language:PowerShell1 2 0
jschicht/MftRef2Name
Resolve file index number to name or vice versa on NTFS
Language:AutoIt4 02