Skipper and Erik,
I really like the work you've done here! I too am interested in reading from the MFT, from the Journal, and getting into VSS and Restore points. My biggest problem... I'm a noobie! :) It's been 16+ years since I studied C in college and I never used it outside of school. The good news is that I was able to pick up C# pretty quick. Using the Skipper's code from above I managed to get something working. My interest in the MFT is from a forensics point of view. I'd like to be able to recursively read the MFT and output File index, File name, size and the timestamps. I have been plowing through documentation on Kernel32, the MFT, and other forums but I still think I am missing something. I guess my question is how to get that info out of the MFT. Initially, I was thinking I would get the highest value for the MFT index and loop through to collect what I need. Am I close? Or am I in outer space?
Any help is appreciated.
P.S. Please be gentle! :) I realize your time is just as valuable as mine! :)
Regards,
C