read ntfs journal

Posted: 05/09/2016 14:08:50
by VoxPopuli Robot  (Team)

Would love to be able to read the NTFS journal to be able to determine INSTANTLY where any file is on the file system. The "everything" engine from voidtools.com is able to do this, and it would be incredible to be able to have this ability within our own programs.

Posted: 05/09/2016 15:09:39
by Eugene Mayevski (Team)

RawDisk lets you read any sector on the disk, including MFT and other structures of NTFS. It's up to you, however, to deal with the filesystem itself, i.e. find the location of particular files and structures on the disk.

If you mean reading the NTFS journal as a file, then it should be possible. Wikipedia mentions ( https://en.wikipedia.org/wiki/USN_Journal ) the journal to have the name "$Extend\$UsnJrnl". MFT also has a special name "$MFT".

Sincerely yours
Eugene Mayevski



