A $Secure parser for NTFS (security descriptors)

joakims
(@joakims)
Posts: 224
Estimable Member
Topic starter
 

The new tool can be found at: https://github.com/jschicht/Secure2Csv

It basically decodes every security descriptor in the $SDS data stream of the $Secure file, and writes it to a CSV.

From a given $MFT record there is a SecurityId which is unique per volume, and connects the object (file/folder) to a security descriptor.

 
Posted : 05/03/2015 2:57 am
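A sketch of the decoding described in the post above, added here as an illustration and not taken from Secure2Csv: it walks a raw $SDS stream and indexes each self-relative security descriptor by SecurityId. The layout is an assumption based on public NTFS documentation (20-byte entry header of hash, SecurityId, stream offset and length; 16-byte alignment; 256 KiB blocks each followed by a mirror copy), and `build_sample` produces a constructed one-entry stream, not data from a real volume.

```python
import struct

BLOCK = 0x40000                 # assumed: 256 KiB blocks, each followed by a mirror
HDR = struct.Struct("<IIQI")    # hash, SecurityId, offset in stream, entry length
SD = struct.Struct("<BBHIIII")  # revision, sbz1, control, owner/group/sacl/dacl offsets

def sid_to_str(buf, off):
    """Decode a binary SID at buf[off:] into its S-R-A-S... string form."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def parse_sds(stream):
    """Return {SecurityId: summary} for every entry in a raw $SDS stream."""
    out, pos = {}, 0
    while pos + HDR.size <= len(stream):
        if (pos // BLOCK) % 2:             # odd block: mirror of the previous one
            pos = (pos // BLOCK + 1) * BLOCK
            continue
        h, sec_id, offset, length = HDR.unpack_from(stream, pos)
        # A valid header records its own position; anything else is slack space.
        if offset != pos or length < HDR.size + SD.size or pos + length > len(stream):
            pos = (pos // BLOCK + 1) * BLOCK
            continue
        sd = stream[pos + HDR.size:pos + length]
        _, _, control, owner, group, _, dacl = SD.unpack_from(sd)
        out[sec_id] = {
            "hash": h, "control": control,
            "owner": sid_to_str(sd, owner) if owner else None,
            "group": sid_to_str(sd, group) if group else None,
            "has_dacl": bool(control & 0x0004) and dacl != 0,  # SE_DACL_PRESENT
        }
        pos += (length + 15) & ~15          # entries are 16-byte aligned
    return out

def build_sample():
    """Constructed one-entry $SDS stream (not from a real volume)."""
    sid = bytes([1, 1]) + (5).to_bytes(6, "big") + struct.pack("<I", 18)  # S-1-5-18
    sd = SD.pack(1, 0, 0x8000, SD.size, SD.size + len(sid), 0, 0) + sid + sid
    entry = HDR.pack(0, 0x100, 0, HDR.size + len(sd)) + sd
    return entry.ljust(BLOCK, b"\0") * 2    # primary block plus its mirror

if __name__ == "__main__":
    print(parse_sds(build_sample()))
```

The resulting dictionary is what the SecurityId from an $MFT record would be looked up in to resolve the owner, group and control flags of a file or folder.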
joakims
(@joakims)
Posts: 224
Estimable Member
Topic starter
 

As SecureParser seemed to be a very common name, it was changed to Secure2Csv. Link updated. Source will be available whenever it has made its way into the $LogFile parser.

 
Posted : 05/03/2015 3:37 pm