Reading MFT
It will be interesting to see who else chimes in... I'd like to get a community of folks who are interested in using the USN Journal an maybe post code and get it reviewed then make it...
View ArticleReading MFT
Skipper, you are a Juggernaut! One day a monument will be installed on St Creux shore. It will read: In memory of the great navigator who while sailing these waters crushed the most daunting problem in...
View ArticleReading MFT
The final post of source code...using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.IO; using PInvoke; using System.Runtime.InteropServices; using...
View ArticleReading MFT
Here is the code I promised. First the Win32Api class that has all the DllImports, the constants, etc to access the USN Journal:using System; using System.Collections.Generic; using System.Text; using...
View ArticleReading MFT
Since WindowsNT when Microsoft first released NTFS, a journaling file system, I've had a fascination with the USN Journal. I worked on the Primos operating system at Prime Computer and have always...
View ArticleReading MFT
Thanks Erik,This is highly interesting.I am trying to read and manipulate the MFT and thus what i understand from what you wrote, the journal and the logs, from direct raw read/write with use of the...
View ArticleReading MFT
The change journal works on all NTFS volumes 3.1 and above this means any NTFS volume on Windows 2000 and above. Enumerating the MFT is good but reading the changes is even better because it makes for...
View ArticleReading MFT
this is so coooooooooooland it worksthanks a lot StCroixSkipperyou really make my daynow i need to get deeper into the MFT in conjunction with the codeon what OS is this compatible i wonder actuallythe...
View ArticleReading MFT
The API seems to be stable with MFT_ENUM_DATA & FSCTL_ENUM_USN_DATA because these entries exists so it can always map the FileReference. However the problem I had when using the API is with...
View ArticleReading MFT
I've actually done it both ways. Given a File Reference Number you can to full path. I used Dictionary in this case because it has the advantage of being faster but it certainly takes up more memory....
View ArticleReading MFT
USN_RECORDS return only FileNames this is to reserve as much space possible in the change log. You can map (fileReference) or (ParentFileReference) to complete paths using API. This approach is so much...
View ArticleReading MFT
I think I've figured out how to use it reliably. Have found solution for .NET?
View ArticleReading MFT
Hi StCroixSkipper . First of all i would like to thank you for this post. It helped me a lot in my project. And I'm really interested in using USN from c#! I'm currently investigating this question to,...
View ArticleReading MFT
Hey guys, great thread and especially great snippets!Currently I am working on an application that basically has to be able to undelete data from both NTFS and FAT32 drives.I've started working on the...
View ArticleReading MFT
StCroixSkipper said:Is anyone interested in using the USN Journal from C#?Sure I am. What do you have in your sleeve?AlexB
View ArticleReading MFT
Thanks Skipper. It's an embarrassing oversight. It was correct at one point but then I refactored it manually and apparently goofed up. Anyhow, now it seems to be working but I am getting an error:...
View ArticleReading MFT
Just looking at your code ...private Dictionary<UInt64, FileNameAndFrn> directories_ = newDictionary<ulong, FileNameAndFrn> ( );publicDictionary<UInt64, FileNameAndFrn> directories{...
View Article