A $Secure parser for NTFS (security descriptors)

joakims
(@joakims)

The new tool can be found at: https://github.com/jschicht/Secure2Csv

It basically decodes every security descriptor in the $SDS data stream of the $Secure file, and writes it to a CSV.

From a given $MFT record there is a SecurityId which is unique per volume, and connects the object (file/folder) to a security descriptor.


   
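An added example, not part of the original post and not Secure2Csv's own code: a minimal Python sketch of the decoding the post describes, walking $SDS entries, keying each self-relative security descriptor by its SecurityId, and writing owner and group SIDs to CSV. The entry layout (20-byte header of hash, SecurityId, offset and length, 16-byte alignment) is taken from public NTFS documentation rather than from the post, and the sample bytes are constructed.

```python
import csv, io, struct

ENTRY_HDR = struct.Struct("<IIQI")   # hash, SecurityId, offset in $SDS, entry length
SD_HDR = struct.Struct("<BBHIIII")   # revision, pad, control, owner/group/SACL/DACL offsets

def sid_to_str(b):
    # SID: revision, sub-authority count, 48-bit big-endian authority, LE sub-authorities
    subs = struct.unpack_from("<%dI" % b[1], b, 8)
    return "-".join(["S", str(b[0]), str(int.from_bytes(b[2:8], "big"))] + [str(s) for s in subs])

def parse_sds(data):
    """Yield one dict per entry in a contiguous run of $SDS entries.
    A real stream also holds mirror copies of each block; this sketch does not walk them."""
    pos = 0
    while pos + ENTRY_HDR.size <= len(data):
        sd_hash, sec_id, offset, length = ENTRY_HDR.unpack_from(data, pos)
        # Stop at padding or at an entry that disagrees with its own position.
        if length < ENTRY_HDR.size + SD_HDR.size or offset != pos or pos + length > len(data):
            break
        sd = data[pos + ENTRY_HDR.size : pos + length]
        _rev, _pad, control, off_owner, off_group, _sacl, _dacl = SD_HDR.unpack_from(sd)
        yield {
            "SecurityId": sec_id,   # the value an $MFT record uses to reference this descriptor
            "Hash": "0x%08X" % sd_hash,
            "Control": "0x%04X" % control,
            "Owner": sid_to_str(sd[off_owner:]) if off_owner else "",
            "Group": sid_to_str(sd[off_group:]) if off_group else "",
        }
        pos = (pos + length + 15) & ~15   # entries are 16-byte aligned

def to_csv(data):
    out = io.StringIO()
    w = csv.DictWriter(out, ["SecurityId", "Hash", "Control", "Owner", "Group"])
    w.writeheader()
    w.writerows(parse_sds(data))
    return out.getvalue()

# --- constructed sample: two entries, not taken from a real volume ---
def _sid(auth, *subs):
    return bytes([1, len(subs)]) + auth.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def _entry(sec_id, offset, owner, group):
    sd = SD_HDR.pack(1, 0, 0x8000, 20, 20 + len(owner), 0, 0) + owner + group
    body = ENTRY_HDR.pack(0x12345678, sec_id, offset, ENTRY_HDR.size + len(sd)) + sd
    return body + b"\0" * (-len(body) % 16)

SYSTEM, ADMINS = _sid(5, 18), _sid(5, 32, 544)
SAMPLE = _entry(256, 0, SYSTEM, ADMINS) + _entry(257, 80, ADMINS, SYSTEM)

if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```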
joakims
(@joakims)

As SecureParser seemed to be a very common name, it was changed to Secure2Csv. Link updated. Source will be available whenever it has made its way into the $LogFile parser.


   