EldoS | Feel safer!

Software components for data protection, secure storage and transfer

read ntfs journal

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#36673
Posted: 05/09/2016 14:08:50
by VoxPopuli Robot  (EldoS Corp.)

Would love to be able to read the NTFS journal to be able to determine INSTANTLY where any file is on the file system. The "everything" engine from voidtools.com is able to do this, and it would be incredible to be able to have this ability within our own programs.

If you like the idea, vote for it on https://www.eldos.com/rawdisk/wishlist.php
#36678
Posted: 05/09/2016 15:09:39
by Eugene Mayevski (EldoS Corp.)

RawDisk lets you read any sector on the disk, including MFT and other structures of NTFS. It's up to you, however, to deal with the filesystem itself, i.e. find the location of particular files and structures on the disk.

If you mean reading the NTFS journal as a file, then it should be possible. Wikipedia mentions ( https://en.wikipedia.org/wiki/USN_Journal ) the journal to have the name "$Extend\$UsnJrnl". MFT also has a special name "$MFT".


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 1497 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!