process ghosting artifact detector — free browser tool | fatcousin

drop file system + handle table · detect ghosting (deleted-before-mapped) · runs locally

input

drop handle table · process csv · mft · ghosting export

or click

Select file

SECTION_IMAGE from delete-pending file · MFT deleted executable · handle table cross-ref

limits

heuristic screener · parses artifacts locally · not definitive proof of process ghosting

status

>ready