fatcousin
home

drop mft csv · detect abnormally high mft entry reuse rates · identify evidence of mass file deletion and creation in entry slots · surface patterns indicating attacker file staging and cleanup · runs locally

mft csv
drop mft csv
or click

flags sequence >10 high · >50 critical · histogram · directory heat map · lifecycle reconstruction

drop mft csv (mftecmd / mftrcsv) — multiple files ok
ready