Forensic Software
-
ntfsReader (download) Version: 0.1 MD5: 4fb41e1ecfa737944bcff4b517a44b6a
ntfsReader is a Python script for parsing NTFS partitions and extracting metainformation from all MFT entries. The script takes a physical drive (e.g. /dev/sda) as an input argument and then finds all NTFS partitions after parsing the Master Boot Record (MBR) and extracts the metainformation from all MFT entries of those partitions. Currently version 0.1 cannot handle extended partitions. -
fint (download) Version: 0.1 MD5: 16fc629c6a11d6de3c9e2b8dd4673c28
fint (find interesting) ist a Python script to find certain files of interest during a forensic investigation. Interesting files can be files that have a certain MD5 fingerprint, a certain size, or in case of executable files a certain date they were compiled on. Especially, malicious software can be easily detected by its compile date, since it is usually very new.
With downloading any of the software you agree to have read and understand the disclaimer.