04 May 2020

Analisa MFT

1) Extract MFT using icat


2) parse using MFTAnalyzer
     analyzeMFT.py -f mft.raw -o mftanalyzed.csv


ref: https://www.andreafortuna.org/2017/07/18/how-to-extract-data-and-timeline-from-master-file-table-on-ntfs-filesystem/



notes: can use https://github.com/jschicht/Mft2Csv/wiki/Mft2Csv to parse from live system
Posted by at
Labels: ,

No comments:

Post a Comment

Terima kasih

Subscribe to: Post Comments (Atom)