Skip to content

Releases: kacos2000/MFT_Record_Viewer

$MFT Record Viewer

11 Apr 07:50
@kacos2000 kacos2000
v.0.0.49.0
18d0b37
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer Latest
Latest

[Update list]

  • Corrected flag "$Verify and $Corrupt disabled" to display correctly in $Volume_Information Attribute
    (It's a PowerShell thing: just added a couple of "`" before the $ signs)
Assets 4
Loading

$MFT Record Viewer

09 Mar 13:44
@kacos2000 kacos2000
v.0.0.48.0
01b582e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update list]

  • Added undocumented 0x80000000 $Standard_Information Attribute flag
  • Corrected $Volume_info Attribute flag decoding - now the flags (hex) are converted to LE first ie 0x8000 is flag 0x0080 ("tunneling cache & Short filenames disabled)
Loading

$MFT Record Viewer

06 Mar 13:26
@kacos2000 kacos2000
v.0.0.47.0
cb42d3f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update List]

  • Updated/corrected $Volume_info Attribute flags as follows:

      	Hex	        Binary	                Description
  	# 0x0000	0000000000000000	Volume is OK
  	# 0x0001	0000000000000001	Is dirty
  	# 0x0002	0000000000000010	Re-size journal ($LogFile)
  	# 0x0004	0000000000000100	Upgrade Volume version underway
  	# 0x0008	0000000000001000	Mounted on Windows NT4
  	# 0x0010	0000000000010000	Delete USN underway
  	# 0x0020	0000000000100000	Repair Object IDs underway
  	# 0x0040	0000000001000000	Volume is corrupt and caused a bug check
  	# 0x0080	0000000010000000	Tunneling cache, Short filenames disabled
  	# 0x0100	0000000100000000	Full Chkdsk scan underway
  	# 0x0200	0000001000000000	Proactive scan underway
  	# 0x0400	0000010000000000	TxF feature is disabled
  	# 0x0800	0000100000000000	Volume scrub disabled
  	# 0x1000	0001000000000000	$Verify and $Corrupt disabled
  	# 0x2000	0010000000000000	Heat gathering disabled
  	# 0x4000	0100000000000000	Chkdsk underway
  	# 0x8000	1000000000000000	Modified by Chkdsk

Source

Loading

$MFT Record Viewer

24 Jan 15:33
@kacos2000 kacos2000
v.0.0.46.0
d35f9f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update List]

  • Corrected typo
  • Separated fixup entries
Loading

$MFT Record Viewer

11 Jan 14:31
@kacos2000 kacos2000
v.0.0.45.0
22768eb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update List]

  • Added millisecond precision to all timestamps, which are now in formatted as:
    'dd/MM/yyyy HH:mm:ss.fffffff'
  • All timestamps are in UTC
Loading

$MFT Record Viewer

11 Jan 13:46
@kacos2000 kacos2000
v.0.0.44.0
c4f60f2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update List]

  • Corrected a tag (offset of $Upcase:$Info resident content showing Win version used to format drive)
Loading

$MFT Record Viewer

09 Jan 22:12
@kacos2000 kacos2000
v.0.0.43.0
c4f60f2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update Log]

  • Fixed typo resulting in $Volume_Information status flags not being read correctly.
Loading

$MFT Record Viewer

02 Jan 04:13
@kacos2000 kacos2000
v.0.0.42.0
e06bf93
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Update Log]

  • Optimizations
  • Fixed bug when encountering $Reparse Point Tag Value: 0x9000701A
Loading

$MFT Record Viewer

31 Dec 14:02
@kacos2000 kacos2000
v.0.0.41.0
e83a37e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Change log]

  • Corrected offset typo ('[0x28] $MFT Record Nr' to '[0x2C] $MFT Record Nr')
Loading

$MFT Record Viewer

28 Dec 15:55
@kacos2000 kacos2000
v.0.0.40.0
874c5d0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
$MFT Record Viewer

[Change log]

  • Added $MFT Record Reference Number (8 byte value => MFT Record sequence Number & MFT record Nr.)
  • Added/Fixed the 'cancel' exit
Loading