mft

rowingdude/analyzeMFT

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats.

kacos2000/MFT_Browser

$MFT directory tree reconstruction & FILE record info

EricZimmerman/MFTECmd

Parses $MFT from NTFS file systems

AdamWhiteHat/Judge-Jury-and-Executable

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

nbs32k/Petya2

A full & Open Source compatible Petya Ransomware Executable Placeholder

githubrobbi/Ultra-Fast-File-Search

Ultra Fast File Search

harelsegev/INDXRipper

Carve file metadata from NTFS index ($I30) attributes

t9t/gomft

NTFS Master File Table (MFT) parser for Go.

gelven4sec/NotPetyaAgain

PoC of a UEFI Petya ransomware

yuanrui/EverythingSZ

EverythingSZ is a learning project to research Everything background technology. original source code stored in CodePlex, this branch support .net core.

apache/airavata-mft

Apache Airavata Managed File Transfer Services

waarp/Waarp-All

This version is a major version for all Waarp Modules, previously being split.

sumeshi/ntfsfind

An efficient tool for search files, directories, and alternate data streams directly from NTFS image files.

JonnyBanana/-MFT-Duck-Crasher

A Simple Script for Rubber Ducky which Exploits Windows $MFT Vulnerability

kacos2000/MFT_Record_Viewer

$MFT Record Viewer

rsa9000/ntfsheurecovery

NT File System (NTFS) recovery tool

delphilite/EverythingSDK

Everything Search Engine SDK for Delphi

farfella/ntfs-cpu-search

From 2011: Quickly search for files in NTFS volumes parsing the Master File Table (MFT). A decent amount of how NTFS and MFT work was painstakingly reverse-engineered since it's undocumented.

FirstBlood12/RedPetyaOpenSSL

A full rewrite of Red Petya ransomware from 2016 with full MBR and GPT support

logpresso/community

Logpresso Mini and community contents for incident response

kero99/mftmactime

MFT and USN parser that allows direct extraction in filesystem timeline format (mactime), dump all resident files in the MFT in their original folder structure and run yara rules over them all.

waarp/WaarpR66

All Waarp modules have been regrouped in a new repository: https://github.com/waarp/Waarp-All. This repository is outdated and will not be maintained anymore.

sumeshi/mft2es

A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.

wang-bin/mdk-mft

libmdk codec plugin based on microsoft media foundation transform

apache/airavata-data-lake

Apache Airavata Data Lake

dkesselman/isftpretry

IBM i - SFTP file transfer with retries - Bash script

kacos2000/MFT_dataruns

Dataruns calc

zeroq/ntfsreader

parse MBR and Partition Table to extract MFT Entries

gereoffy/drutils

Data recovery utilities

hansalemaos/mft2df

Lists the files on a drive insanely fast (43 seconds for 1,800,000 files - 600 GB) by converting the $MFT to a pandas DataFrame

LorenData/ECGrid-API

Loren Data ECGrid API Version 4.1 Documentation.

apache/airavata-mft-portal

Portal for Apache Airavata Managed File Transfer Services

BGPavelAng/MFT

MFT

germanoeich/SearchSharp

SkYNewZ/mft

Always get the latest FFESSM MFT files and upload them to a Google Drive. Run with GitHub Actions.