Giters
Joakim Schicht (jschicht)

jschicht

Geek Repo

446

followers

0

following

3

stars

Location:Norway, Bergen

Github PK Tool:Github PK Tool

Joakim Schicht's repositories

RunAsTI

Launch processes with TrustedInstaller privilege

Language:AutoItLicense:MITStargazers:374Issues:25Issues:9

RawCopy

Commandline low level file extractor for NTFS

Language:AutoItLicense:NOASSERTIONStargazers:268Issues:33Issues:27

Mft2Csv

Extract $MFT record info and log it to a csv file.

Language:AutoItLicense:MITStargazers:250Issues:22Issues:12

LogFileParser

Parser for $LogFile on NTFS

Language:AutoItLicense:MITStargazers:182Issues:21Issues:4

ExtractUsnJrnl

Tool to extract the $UsnJrnl from an NTFS volume

Language:AutoItLicense:NOASSERTIONStargazers:103Issues:13Issues:7

UsnJrnl2Csv

Parser for $UsnJrnl on NTFS

Language:AutoItLicense:MITStargazers:100Issues:16Issues:1

SetMace

Manipulate timestamps on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:44Issues:5Issues:5

EaTools

Analysis and manipulation of extended attribute ($EA) on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:39Issues:8Issues:3

Indx2Csv

An advanced parser for INDX records

Language:AutoItLicense:NOASSERTIONStargazers:24Issues:5Issues:0

PowerMft

Powerful commandline $MFT record editor.

Language:AutoItLicense:MITStargazers:22Issues:4Issues:0

SectorIo

Kernel mode driver for writing to physical disk with SL_FORCE_DIRECT_WRITE

Language:CStargazers:22Issues:8Issues:2

Secure2Csv

Decode security descriptors in $Secure on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:20Issues:4Issues:1

NtfsFileExtractor

Extract files off NTFS

Language:AutoItLicense:NOASSERTIONStargazers:18Issues:6Issues:0

MftCarver

Carve $MFT records from a chunk of data (for instance a memory dump)

Language:AutoItLicense:NOASSERTIONStargazers:16Issues:3Issues:0

HideAndProtect

Makes files super hidden on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:14Issues:4Issues:0

MftRcrd

Command line $MFT record decoder

Language:AutoItLicense:MITStargazers:11Issues:5Issues:2

StegoMft

PoC for hiding data within $MFT

Language:AutoItLicense:NOASSERTIONStargazers:11Issues:3Issues:0

IndxCarver

Carve INDX records from a chunk of data.

Language:AutoItLicense:NOASSERTIONStargazers:9Issues:3Issues:0

UsnJrnlCarver

Carving Usn pages (UsnJrnl records)

Language:AutoItStargazers:8Issues:5Issues:0

ExtractAllAttributes

Extracts all attributes of files on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:6Issues:3Issues:0

RcrdCarver

Carve RCRD records ($LogFile) from a chunk of data.

Language:AutoItLicense:NOASSERTIONStargazers:5Issues:4Issues:0

MakeContainer

Tools to create special containers for patched VeraCrypt/TrueCrypt

Language:AutoItLicense:GPL-3.0Stargazers:4Issues:3Issues:0

MakeImage

Create graphic bitmap from binary data.

Language:AutoItStargazers:4Issues:3Issues:0

HexDump

Dump binary data to console from file or disk

Language:AutoItLicense:NOASSERTIONStargazers:3Issues:0Issues:0

PartDump

Utility to dump basic volume information from a disk object.

Language:AutoItLicense:NOASSERTIONStargazers:3Issues:3Issues:1

RawDir

A low level dir command for NTFS volumes

Language:AutoItLicense:NOASSERTIONStargazers:3Issues:4Issues:0

Tiny_NTFS

Smallest possible size of a NTFS partition

License:NOASSERTIONStargazers:3Issues:3Issues:0

VeraCrypt

Tweaked version for supporting arbitrary offsets.

Language:CLicense:NOASSERTIONStargazers:1Issues:3Issues:0

Volsnap-Bug-Content

Content for a volsnap.sys bug analysis

Language:PowerShellStargazers:1Issues:2Issues:0

MftRef2Name

Resolve file index number to name or vice versa on NTFS

Language:AutoItLicense:NOASSERTIONStargazers:0Issues:4Issues:0