Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn

Difference between revisions of "AnalyzeMFT"

From Forensics Wiki
Jump to navigation Jump to search
 
Line 10: Line 10:
 
analyzeMFT is designed to fully parse the $MFT file system metadata file from an NTFS file system and present the results in multiple formats.
 
analyzeMFT is designed to fully parse the $MFT file system metadata file from an NTFS file system and present the results in multiple formats.
  
It was written in Python 2 and appears no to be longer maintained [https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-581133372 1]
+
It was written in Python 2 and is no to longer maintained [https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-581133372 1]
  
There is a Python 3 fork of analyzeMFT [https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-513195309 2] but its status is unclear.
+
There is a Python 3 fork of analyzeMFT [https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-513195309 2], it is also no longer maintained [https://github.com/dkovar/analyzeMFT/issues/50#issuecomment-602051975 3].
  
 
== External Links ==
 
== External Links ==

Latest revision as of 01:21, 22 March 2020

AnalyzeMFT
Maintainer: David Kovar
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: Common Public License 1.0
Website: https://github.com/dkovar/analyzeMFT

analyzeMFT is designed to fully parse the $MFT file system metadata file from an NTFS file system and present the results in multiple formats.

It was written in Python 2 and is no to longer maintained 1

There is a Python 3 fork of analyzeMFT 2, it is also no longer maintained 3.

External Links