diyinfosec / mft2json
Take a snapshot of the MFT and convert each MFT record into JSONL.
This is at a bare minimum now. Can be done better, and also added to the attribute parser.
A dictionary with the attribute header and mft header info. This is so that we can parse files based on their MFT record ID or the name of the attribute.
Need more information on the structure. Looks like Active Disk Editor does some parsing already.
This will be stored in $100. Looks to be a 56 byte structure as per libntfs doc.
References:
https://docs.microsoft.com/en-us/windows/win32/api/txfw32/
https://github.com/libyal/libfsntfs/blob/master/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc
Basic idea, this is a string containing 4 characters.
Attribute name is 'Zone.identifier'
Contents: (Separated by 0x0D 0x0A)
[ZoneTransfer]
ZoneId
ReferredURL
HostURL
Ref:
https://docs.microsoft.com/en-us/archive/blogs/askcore/alternate-data-streams-in-ntfs
http://www.sandersonforensics.com/Files/ZoneIdentifier.pdf
Concepts (About URL Security zones):
https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537183(v=vs.85)?redirectedfrom=MSDN
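A sketch of how the Zone.Identifier stream content described above could be turned into a JSON-friendly record. This is an added example, not code from mft2json; the function name, the output keys and the sample bytes are assumptions constructed for illustration.

```python
import json

# Zone names for the URLZONE values 0-4 (URL Security Zones).
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

# Constructed sample stream content (not taken from a real file).
SAMPLE = (b"[ZoneTransfer]\r\nZoneId=3\r\n"
          b"ReferrerUrl=https://example.com/downloads/\r\n"
          b"HostUrl=https://example.com/get?id=1&file=tool.zip\r\n")


def parse_zone_identifier(raw: bytes) -> dict:
    """Turn raw Zone.Identifier stream bytes into a JSON-friendly dict."""
    text = raw.decode("utf-8", errors="replace")
    fields, in_section = {}, False
    for line in text.splitlines():          # handles 0x0D 0x0A and bare 0x0A
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            # Split on the first '=' only: URLs often contain '=' themselves.
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    try:
        zone_id = int(fields.get("ZoneId", ""))
    except ValueError:
        zone_id = None                      # missing or non-numeric ZoneId
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "Unknown"),
        "fields": fields,                   # keys kept exactly as found
    }


if __name__ == "__main__":
    print(json.dumps(parse_zone_identifier(SAMPLE)))
```

Data that does not contain a `[ZoneTransfer]` section yields an empty `fields` dict and a `zone_id` of `None`, so a record with a damaged or unexpected stream can still be emitted.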
Two ways:
This needs to be reviewed. Currently the unparsed attribute data is dumped as hex. Will it help to base64/ascii encode?