Notifications
Clear all
Topic starter
The new tool can be found at; https://
It basically decodes every Security descriptor in the $SDS data stream of the $Secure file, and writes it to a csv.
From a given $MFT record there is a SecurityId which is unique per volume, and connects the object (file/folder) to a security descriptor.
Posted : 05/03/2015 2:57 am
Topic starter
As SecureParser seemed to be a very common name, it was changed to Secure2Csv. Link updated. Source will be available whenever it has made its way into the $LogFile parser.
Posted : 05/03/2015 3:37 pm