Couple of new tools at TZWorks available for review

3 Posts
2 Users
0 Likes
595 Views
tzworks
(@tzworks)
Posts: 5
Active Member
Topic starter
 

All, we posted a couple of new tools on our website. The tools are free for personal use.

The tools include evtwalk, which is a command line Windows event log parser that was posted a couple of months back - we just haven't had time to post anything on the list until now. The second tool, which was posted this week, is gena - short for Graphical Engine for NTFS Analysis. gena is an attempt to satisfy some of the requests we've gotten in the past to come up with a GUI tool that ties some of our command line NTFS tools together. So in its current form, it ties together ntfswalk, ntfscopy, ntfsdir and wisp. It provides an explorer type navigation to view any file or directory’s internals, and there are versions for Windows, Linux or Mac. The links to the above tools are:

evtwalk - https://tzworks.net/prototype_page.php?proto_id=25
gena - https://tzworks.net/prototype_page.php?proto_id=28

Also worth looking at is ntfswalk. This is an older tool that has been revamped. The additional options were based on feedback we have received, as well as us needing some of the additional capability for the gena tool. For those not familiar with ntfswalk, it can traverse an entire volume (live or 'dd' image) pulling out metadata (or copying files) on desired categories of files (including any files that are locked down). As a last-minute request, we were also able to add the ability for ntfswalk to create a hashset. The difference with this tool vice other good tools available is that ntfswalk does everything at the cluster level, so if you are worried about rootkits affecting your data, this should help. Keep in mind all new capabilities are still beta.

ntfswalk - https://tzworks.net/prototype_page.php?proto_id=12

Give them a try!

 
Posted : 10/07/2013 2:30 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Nice ) !
If I may, the "gena" name conflicts with a PE builder/project
http://theoven.org/index.php?board=7.0

Maybe it would be advisable to call it tzgena (or something like that) to disambiguate.

jaclaz

 
Posted : 10/07/2013 1:46 pm
tzworks
(@tzworks)
Posts: 5
Active Member
Topic starter
 

Thanks for the heads up. For now we'll keep it at gena, since name collisions are inevitable.

 
Posted : 10/07/2013 6:44 pm