$MFT? Enumeration

AceInfinity · Sep 17, 2012

Anybody know of a method to enumerate the $MFT on an NTFS formatted filesystem?

niemiro · Sep 18, 2012

I have researched the $MFT before, but never gotten around to actually trying out the code. My notes on the subject list the following user "StCroixSkipper" and the following URLs:

http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/c1550294-d121-4511-ac32-31551497f64e
http://mftscanner.codeplex.com/releases/view/92546

But I have never actually tried it to confirm it works. Maybe you have already found, maybe not.

AceInfinity · Sep 18, 2012

I know, i've seen those, another intriguing topic is the USN journal. I have tried them, but the concept here is not yet fully developed, it's still slow because of a few factors. If you were able to read efficiently from the $MFT it would be about 10 times faster than any other filesystem search method in theory.

Search

Search

$MFT? Enumeration

AceInfinity

Emeritus, Contributor

niemiro

Senior Administrator, Windows Update Expert

AceInfinity

Emeritus, Contributor