A $Secure parser for NTFS (security descriptors)


joakims
Senior Member
 

A $Secure parser for NTFS (security descriptors)

Posted: Mar 05, 15 03:57

The new tool can be found at: github.com/jschicht/Secure2Csv

It basically decodes every security descriptor in the $SDS data stream of the $Secure file, and writes it to a CSV.

From a given $MFT record there is a SecurityId which is unique per volume, and connects the object (file/folder) to a security descriptor.
_________________
Joakim Schicht

github.com/jschicht 
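To illustrate what the post above describes, here is an added example (not part of the original posts and not Secure2Csv's code): a minimal Python reader that walks a raw $SDS stream and indexes each security descriptor by SecurityId. It assumes the commonly documented layout: a 20-byte entry header (hash, SecurityId, offset, length) followed by a self-relative security descriptor, 16-byte alignment, and 256 KiB blocks each followed by a mirror copy. All function names and the sample bytes are constructed for the illustration.

```python
import struct

BLOCK = 0x40000  # assumed layout: 256 KiB blocks, each followed by a mirror copy

def sid_to_str(buf, off):
    """Render the binary SID at buf[off:] as S-<rev>-<authority>-<sub>..., '' if absent."""
    if off == 0 or off + 8 > len(buf):
        return ""
    rev, count = buf[off], buf[off + 1]
    if off + 8 + 4 * count > len(buf):
        return ""
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def parse_sds(stream):
    """Return {SecurityId: fields} for every valid entry in a raw $SDS stream."""
    out, pos = {}, 0
    while pos + 40 <= len(stream):
        sd_hash, sec_id, offset, length = struct.unpack_from("<IIQI", stream, pos)
        # Padding, a mirror copy, or damage: the header does not describe this position.
        if length < 40 or offset != pos or pos + length > len(stream):
            pos = (pos // BLOCK + 1) * BLOCK
            continue
        sd = stream[pos + 20:pos + length]  # self-relative security descriptor
        _rev, _, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", sd)
        out[sec_id] = {"hash": sd_hash, "offset": offset, "control": control,
                       "owner": sid_to_str(sd, o_owner), "group": sid_to_str(sd, o_group),
                       "sacl_off": o_sacl, "dacl_off": o_dacl}
        pos += (length + 15) & ~15  # entries are 16-byte aligned
    return out

def make_entry(sec_id, offset, owner_sid, group_sid):
    """Constructed sample entry: header + descriptor with owner and group only (no ACLs)."""
    sd = struct.pack("<BBHIIII", 1, 0, 0x8000, 20, 20 + len(owner_sid), 0, 0)
    sd += owner_sid + group_sid
    entry = struct.pack("<IIQI", 0, sec_id, offset, 20 + len(sd)) + sd
    return entry + b"\0" * (-len(entry) % 16)

# Constructed SIDs: S-1-5-18 (LocalSystem) and S-1-5-32-544 (BUILTIN\Administrators)
SYSTEM = bytes([1, 1, 0, 0, 0, 0, 0, 5]) + struct.pack("<I", 18)
ADMINS = bytes([1, 2, 0, 0, 0, 0, 0, 5]) + struct.pack("<II", 32, 544)
first = make_entry(256, 0, SYSTEM, ADMINS)
SAMPLE = first + make_entry(257, len(first), ADMINS, ADMINS)

if __name__ == "__main__":
    for sec_id, fields in sorted(parse_sds(SAMPLE).items()):
        print(sec_id, fields["owner"], fields["group"])
```

The SecurityId keys of the returned dictionary are the values to join against the SecurityId taken from an $MFT record.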
 
  

joakims
Senior Member
 

Re: A $Secure parser for NTFS (security descriptors)

Posted: Mar 05, 15 16:37

As SecureParser seemed to be a very common name, it was changed to Secure2Csv. Link updated. Source will be available whenever it has made its way into the $LogFile parser.
_________________
Joakim Schicht

github.com/jschicht 
 
