Forensic Utilities - Windows

Arsenal Recon Backstage Parser

Arsenal's Backstage Parser is a Python tool that can be used to parse the contents of Microsoft Office files found in the “\Users(User)\AppData\Local\Microsoft\Office\16.0\BackstageinAppNavCac ...

DG Wingman

DG Wingman is a free community Windows tool designed to aid in the collection of forensic evidence in order to properly investigate and scope an intrusion. This utility enables yo ...

Event log (evtx) parser with standardized CSV, XML, and JSON output! Custom maps, locked file support, and more!


Once NTFS Alternate Data Streams are identified, there is little most software will do to process the files. The Copy_ads program will identify Alternate Data Stream files located on an NTFS partition.


NTFS Log Tracker

This tool can parse the $LogFile and $UsnJrnl of NTFS.
The input to this tool is a sample file extracted by another tool such as EnCase or WinHex.
If you want to see "Full Path" information, you should input the $MFT file.
A time info ...