I started working on this topic (#64) in https://github.com/janstarke/flow-record, which contains a Rust implementation of the format as well as documentation.
Is there someone on your side who can review this?
At the moment, the support is partial, but it works together with rdump. In the future, I'd like to replace bodyfile in the DFIR Toolkit as well as in ntdsextract2 with the record format, which in my eyes is much better.