-
Notifications
You must be signed in to change notification settings - Fork 8
Utility to retrieve the Master File Table (MFT) from a live running NTFS volume and send it to a netcat listener.
License
jeffbryner/pyMFTGrabber
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
2012 Jeff Bryner Script to retrieve the Master File Table (MFT) record for an NTFS file system from a live system. Usage: Victim/Client NTFS/Windows box: python pyMFTGrabber.py -f "\\.\C:" -s 10.200.1.1 -p 6666 (or compile it using pyinstaller and run without python) Forensic workstation at 10.200.1.1: nc -l -p 6666 >mft.dd You can then use several tools to decode the MFT records: 1) analyzeMFT.py ( https://github.com/dkovar/analyzeMFT ) analyzeMFT.py -f mft.dd -o mft.out 2) INDXParse (https://github.com/williballenthin/INDXParse ) MFTINDX.py -t MFT -m -d mft.dd > mft.out Demo at: http://www.youtube.com/watch?v=uKSM_kbpn4g
About
Utility to retrieve the Master File Table (MFT) from a live running NTFS volume and send it to a netcat listener.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published