Tag Archives: NTFS

NTFS Journal Viewer – Tool to Investigate NTFS Changes

NTFS Journal Viewer (JV) is a portable tool that extracts and parses the NTFS change journal ($UsnJrnl) file. The change journal is a file that records when changes are made to files and directories and therefore can provide a wealth

AlternateStreamView – Tool to Investigate ADS File System

AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system.

RecuperaBit – Tool for Forensic File Reconstruction

RecuperaBit is software that attempts to reconstruct file system structures and recover files.

MFTDump – Tool to Parse MFT Files

MFTDump is a tool that provides a quick and easy way to extract forensic metadata from an NTFS volume $MFT file.