mft2csv - NTFS systemfile extracter and $MFT decoder


jaclaz
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Jan 14, 13 16:59

- keydet89
- jaclaz

The tool (correctly) asks for a $MFT, I was perfectly aware that feeding it "something else" I would have probably got an error (though I prefer "aggressive" interfaces...


As someone who has written tools, and provided them all for free, I find this extremely frustrating.

WHAT exactly are you finding frustrating?

I - as said - intentionally fed the tool with "unexpected" data to see how it would behave, and reported its behaviour.
This is what I call betatesting/feedback/suggestions/ideas that an Author should be made aware of (and of course is perfectly free to ignore).

If I get it right you are whining about getting no feedback for some of your tools and you pinpoint some actual feedback given for another tool as a "frustrating" thing?

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

joakims
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Jan 19, 13 05:33


The tool (correctly) asks for a $MFT, I was perfectly aware that feeding it "something else" I would have probably got an error (though I prefer "aggressive" interfaces, like "You [email protected]§§, I want a §@ç#ing $MFT, the file you gave me is not a $MFT!" a "Cannot decode file" would have been preferable to the "Variable not declared" error).


The reason is because we can have invalid records, and I wanted it to continue regardless of those. But, still it's kind of flawed, as it assumes there is exactly 1024 bytes between each record. Alternatively you could have evaluated byte for byte forward whenever an invalid record hits you (which would fix that).

New version has option to specify separator and optional surrounding quotes, plus bugfixes.

Also added this code to satisfy most people:

Code:
If @Username = "jaclaz" And $input <> $ValidMFT Then
	MsgBox(0, "Hey!", "You dumb ass fool! what on earth are you trying? Read documentation next time. Bye.")
	Exit
EndIf

(that was a joke)
_________________
Joakim Schicht

github.com/jschicht 
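
The fixed 1024-byte stride and the byte-for-byte alternative described in the post above, compared on a constructed buffer. This is an added example, not part of the original post and not mft2csv's code; the function names, the header sanity checks and the sample data are assumptions made for illustration.

```python
import struct

RECORD_SIZE = 1024   # stride the post says the tool assumes between records
SIGNATURE = b"FILE"  # NTFS file record signature

def looks_valid(buf, off):
    """Cheap header sanity check for a candidate record at off (assumed checks)."""
    if buf[off:off + 4] != SIGNATURE or off + 48 > len(buf):
        return False
    usa_off, = struct.unpack_from("<H", buf, off + 0x04)   # update sequence array offset
    attr_off, = struct.unpack_from("<H", buf, off + 0x14)  # first attribute offset
    used, alloc = struct.unpack_from("<II", buf, off + 0x18)  # bytes in use / allocated
    return alloc == RECORD_SIZE and usa_off < attr_off < used <= alloc

def scan_records(buf):
    """Yield (offset, resynced) for each plausible record.

    After a valid record, step RECORD_SIZE. After an invalid one, search
    forward for the next signature at any byte offset instead of assuming
    the next record is 1024-aligned.
    """
    off, resynced = 0, False
    while off + RECORD_SIZE <= len(buf):
        if looks_valid(buf, off):
            yield off, resynced
            off, resynced = off + RECORD_SIZE, False
            continue
        nxt = buf.find(SIGNATURE, off + 1)
        if nxt < 0:
            return
        off, resynced = nxt, True

def make_record(seq):
    """Constructed sample: a 1024-byte record with a plausible header only."""
    rec = bytearray(RECORD_SIZE)
    rec[0:4] = SIGNATURE
    struct.pack_into("<HH", rec, 0x04, 0x30, 3)            # USA offset, USA count
    struct.pack_into("<H", rec, 0x10, seq)                 # sequence number
    struct.pack_into("<HH", rec, 0x14, 0x38, 1)            # first attribute, flags
    struct.pack_into("<II", rec, 0x18, 0x40, RECORD_SIZE)  # used, allocated
    return bytes(rec)

def demo():
    # Constructed input: two records, 300 bytes of junk, then a third record
    # that is no longer on a 1024-byte boundary.
    blob = make_record(1) + make_record(2) + b"\xAA" * 300 + make_record(3)
    fixed = [o for o in range(0, len(blob), RECORD_SIZE) if looks_valid(blob, o)]
    return fixed, list(scan_records(blob))

if __name__ == "__main__":
    print(demo())
```

The fixed stride never sees the third record once the junk shifts it off alignment, while the resynchronising scan finds it and flags it as recovered. The header check does not apply the update sequence fixups, so a hit is a candidate for decoding, not a verified record.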
 
  

jaclaz
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Jan 19, 13 18:14

- joakims


Also added this code to satisfy most people:

Code:
If @Username = "jaclaz" And $input <> $ValidMFT Then
	MsgBox(0, "Hey!", "You dumb ass fool! what on earth are you trying? Read documentation next time. Bye.")
	Exit
EndIf


Nice.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

joakims
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Feb 22, 13 06:01

Added support for extraction and handling of $MFT records in memory dumps, as well as partial $MFT's.
_________________
Joakim Schicht

github.com/jschicht 
 
  

Reneec
Newbie
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Dec 18, 13 20:57

I have been trying to get in touch for the longest time. I desperately need the offsets for the MFT data fields. I know you have them but have them in your computer language which I do not know/have. BTW do you have the for VB? My email addy is rmctwo at gmail dot com. Thank you so much.

Renee Culver  
 
  

joakims
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Dec 18, 13 21:08

I am sorry you did not reach me, but you must have hit the wrong channel then. I normally answer serious requests, when I get them. Will send you an e-mail.
_________________
Joakim Schicht

github.com/jschicht 
 
  

joakims
Senior Member
 

Re: mft2csv - NTFS systemfile extracter and $MFT decoder

Post Posted: Feb 24, 14 02:52

Projects moved to github; github.com/jschicht
_________________
Joakim Schicht

github.com/jschicht 
 
