# AnalyzeMFT

AnalyzeMFT is a Python script designed to translate the NTFS Master File Table (MFT) into a human-readable and searchable format, such as CSV. This tool is useful for digital forensics, file system analysis, and understanding the structure of NTFS volumes.

## Features

- Parse NTFS MFT files
- Generate CSV output of MFT records
- Create timeline in CSV format
- Produce bodyfile output for timeline analysis
- Support for local timezone reporting
- Anomaly detection (optional)
- Debugging output (optional)

## Requirements

- Python 3.x

## Installation

1. Clone this repository or download the script files.
2. Ensure you have Python 3.x installed on your system.

Basic usage:

`python AnalyzeMFT.py -f <mft_file> -o <output_file>`

## Versioning

Current version: 2.1
Beta/Testing Version: 3.0

## Author

Benjamin Cance (bjc@tdx.li)

## License

Copyright Benjamin Cance 2024

## Contributing

If you'd like to contribute to this project, please submit a pull request or open an issue on the project's repository.

## Disclaimer

This tool is provided as-is, without any warranties. Use at your own risk and ensure you have the necessary permissions before analyzing any file systems or MFT data.

