AceInfinity
Emeritus, Contributor
Anybody know of a method to enumerate the $MFT on an NTFS formatted filesystem?
$MFT? Enumeration
- Thread starter AceInfinity
- Start date
I have researched the $MFT before, but never gotten around to actually trying out the code. My notes on the subject list the following user "StCroixSkipper" and the following URLs:
http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/c1550294-d121-4511-ac32-31551497f64e
http://mftscanner.codeplex.com/releases/view/92546
But I have never actually tried it to confirm it works. Maybe you have already found, maybe not.
http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/c1550294-d121-4511-ac32-31551497f64e
http://mftscanner.codeplex.com/releases/view/92546
But I have never actually tried it to confirm it works. Maybe you have already found, maybe not.
AceInfinity
Emeritus, Contributor
I know, i've seen those, another intriguing topic is the USN journal. I have tried them, but the concept here is not yet fully developed, it's still slow because of a few factors. If you were able to read efficiently from the $MFT it would be about 10 times faster than any other filesystem search method in theory.
Has Sysnative Forums helped you? Please consider donating to help us support the site!