Hey #DFIR, just wrote a tool to parse NTFS INDX files and extract filenames, timestamps, etc. Get it here: http://www.williballenthin.com/forensics/indx/index.html
@williballenthin
Hey #DFIR, just wrote a tool to parse NTFS INDX files and extract filenames, timestamps, etc. Get it here: http://www.williballenthin.com/forensics/indx/index.html