TScopy

TScopy is a Python script that parses the NTFS $MFT file to locate and copy specific files. Because it parses the Master File Table (MFT) directly, the script bypasses operating system locks on files. The script was originally based on RawCopy, which is written in AutoIt and is difficult to modify for our purposes. We ported RawCopy to Python because we needed to incorporate this functionality natively into our toolset.
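To illustrate how MFT parsing yields the on-disk location of a file's content, the following added example (not TScopy's or RawCopy's code) decodes the runlist of a non-resident $DATA attribute into cluster ranges. The function names, the 4096-byte cluster size and the sample bytes are assumptions constructed for illustration.

```python
def decode_data_runs(runlist: bytes):
    """Decode an NTFS runlist into (start_lcn, cluster_count) pairs.

    start_lcn is None for a sparse run, which has no clusters on disk.
    """
    runs, pos, lcn = [], 0, 0
    while pos < len(runlist) and runlist[pos] != 0x00:  # 0x00 ends the list
        header = runlist[pos]
        len_size, off_size = header & 0x0F, header >> 4  # field widths in bytes
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(runlist):
            raise ValueError("malformed runlist")
        count = int.from_bytes(runlist[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            runs.append((None, count))  # sparse run: nothing to read from disk
        else:
            # The offset is signed and relative to the previous run's start LCN.
            delta = int.from_bytes(runlist[pos:pos + off_size], "little", signed=True)
            lcn += delta
            if lcn < 0:
                raise ValueError("run points before start of volume")
            runs.append((lcn, count))
            pos += off_size
    return runs


def runs_to_byte_ranges(runs, cluster_size=4096):
    """Map runs to (volume_byte_offset, byte_length); cluster_size is an assumption."""
    return [(None if lcn is None else lcn * cluster_size, n * cluster_size)
            for lcn, n in runs]


# Constructed runlist: 24 clusters at LCN 22068, then 16 clusters located 16
# clusters earlier on disk (negative delta), an 8-cluster sparse run, terminator.
SAMPLE_RUNLIST = bytes.fromhex("21 18 34 56 11 10 F0 01 08 00")

if __name__ == "__main__":
    for offset, length in runs_to_byte_ranges(decode_data_runs(SAMPLE_RUNLIST)):
        where = "sparse (zero-filled)" if offset is None else f"volume offset {offset}"
        print(f"{length} bytes at {where}")
```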

How to Get TScopy
Option 1
To download TScopy, type the following command in Linux:
Option 2
View on Git
How to Get Help with TScopy

For bug reports or enhancement requests, please open an issue on this project’s GitHub page.
