thewhiteninja/ntfstool

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

49
/ 100
Emerging

This tool helps digital forensics and incident response professionals analyze Windows NTFS file systems. It takes raw disk images or live disk inputs and provides detailed information about file system structures, user activity, and encrypted volumes. The output helps uncover critical evidence like deleted files, unusual system changes, or compromised accounts.

600 stars. No commits in the last 6 months.

Use this if you need to deeply investigate Windows NTFS volumes for forensic evidence, including parsing file tables, recovering deleted files, or analyzing BitLocker and EFS encrypted data.

Not ideal if you need GPU-accelerated brute-forcing for BitLocker passwords, as this tool extracts hashes for use with other specialized cracking tools.

digital-forensics incident-response data-recovery windows-security disk-analysis
Stale 6m No Package No Dependents
Maintenance 0 / 25
Adoption 10 / 25
Maturity 16 / 25
Community 23 / 25

How are scores calculated?

Stars

600

Forks

112

Language

C++

License

MIT

Category

disk-imaging-tools

Last pushed

Jul 23, 2023

Commits (30d)

0

GitHub
Disk Imaging Tools · 48 tools

Get this data via API

curl "https://pt-edge.onrender.com/api/v1/quality/llm-tools/thewhiteninja/ntfstool"

Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.

Higher-rated alternatives

Limine-Bootloader/Limine

Modern, advanced, portable, multiprotocol bootloader and boot manager. (Official mirror of...

66

Mexit/MultiOS-USB

Boot operating systems directly from ISO/WIM images

59

Zaechus/artix-installer

A simple installer for Artix Linux

44

jrd/pyreadpartitions

Read MBR and GPT partitions in python directly.

43

itoffshore/alpine-linux-scripts

Alpine Linux Setup Scripts

42

Explore LLM Tools

All categories Trending LLM Tool directory Insights