MFT

(1) FTK Imager Lite
(2) Sleuth Kit
(3) mft2csv
(4) analyzeMFT (https://github.com/dkovar/analyzeMFT)
(5) plaso
    - https://github.com/log2timeline/plaso
    - https://github.com/log2timeline/plaso/wiki/Dependencies-Mac-OS-X#pyparsing
           DO THE FOLLOWING !!!!
           Remove an outdated version of pyparsing distributed by Max OS X:

            "sudo rm /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pyparsing*"

(6) RawCopy  ( https://github.com/jschicht/RawCopy)
(7) volatility mftparser ( http://volatility-labs.blogspot.sg/2013/05/movp-ii-24-reconstructing-master-file.html )
     - Timestamp ( http://www.epochconverter.com/ )

Popular repositories 

• Mft2Csv51 Extract $MFT record info and log it to a csv file.
• RawCopy43 Commandline low level file extractor for NTFS
• LogFileParser29 Parser for $LogFile on NTFS
• RunAsTI20 Launch processes with TrustedInstaller privilege
• ExtractUsnJrnl18 Tool to extract the $UsnJrnl from an NTFS volume