Skip to content
/ MFTECmd Public
forked from EricZimmerman/MFTECmd

Parses $MFT from NTFS file systems | Ported for Linux

License

MIT license
1 star 41 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

scottdermott/MFTECmd

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

132 Commits
Dependencies
Dependencies
 
 
MFTECmd
MFTECmd
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MFTECmd.sln
MFTECmd.sln
 
 
README.md
README.md
 
 

Repository files navigation

MFTECmd (Windows | MacOS | Linux)

MFT parser for NTFS file systems

Open Source Development funding and support provided by the following contributors: SANS Institute and SANS DFIR.

Ported from EricZimmerman to .netcoreapp2.2 so it can be run on Linux

Benchmark

MFTECmd - Linux

MFTECmd - Linux Result
File size 469.5MB
Run time 12.0830 seconds
FILE records found 392,879 (Free records: 87,835)
Lines produced 580,417

AnalyseMFT - Linux

AnalyseMFT Result
File size 469.5MB
Run time 2 minutes 21.058 seconds
Lines produced 482,207

Building

dotnet restore
dotnet build -r linux-x64

About

Parses $MFT from NTFS file systems | Ported for Linux

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • C# 100.0%