GitHub - jschicht/SetMace: Manipulate timestamps on NTFS
Manipulate timestamps on NTFS. Contribute to jschicht/SetMace development by creating an account on GitHub.
File System Analysis
Using Alternate Data Streams to Persist on a Compromised Machine
Back in the days before Windows Vista, Alternate Data Streams used to be an acceptable way for malware authors to hide their malicious code. An Alternate Data Stream can be used to hide the presenc…
File Signatures
Free file signature page since 2002!
File System Forensic Analysis
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques Most digital evidence is stored within the computer's file system, but understanding how file systems work is one … - Selection from File System Forensic Analysis [Book]
Change log
Eric Zimmerman Tools Changelog
NotPetya fsutil clear journal
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware
Execute from Alternate Streams · GitHub
Execute from Alternate Streams · GitHub
Using Alternate Data Streams to Persist on a Compromised Machine | enigma0x3
Back in the days before Windows Vista, Alternate Data Streams used to be an acceptable way for malware authors to hide their malicious code. An Alternate Data Stream can be used to hide the presenc…
Invoke-AltDSBackdoor/Invoke-ADSBackdoor.ps1 at master · enigma0x3/Invoke-AltDSBackdoor · GitHub
Contribute to enigma0x3/Invoke-AltDSBackdoor development by creating an account on GitHub.
GitHub - jschicht/LogFileParser: Parser for $LogFile on NTFS
Parser for $LogFile on NTFS. Contribute to jschicht/LogFileParser development by creating an account on GitHub.