Tscopy : Tool to parse the NTFS $MFT file to locate and copy specific files

Tscopy is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. It allows the user, who is running with administrator privileges, …