├── .gitattributes
├── .github
    └── workflows
    │   └── publish.yml
├── .gitignore
├── Boot
    ├── Boot.cs
    ├── Boot.csproj
    └── BootFile.cs
├── I30
    ├── I30.cs
    ├── I30.csproj
    └── I30File.cs
├── LICENSE
├── LogFile
    ├── FixupData.cs
    ├── LogFile.cs
    ├── LogFile.csproj
    ├── LogPageRcrd.cs
    ├── LogPageRstr.cs
    └── Log_File.cs
├── MFT.Test
    ├── MFT.Test.csproj
    ├── TestFiles
    │   ├── $I30
    │   │   ├── FirstDelete
    │   │   │   └── $I30
    │   │   ├── SecondDelete
    │   │   │   └── $I30
    │   │   └── Start
    │   │   │   └── $I30
    │   ├── Boot
    │   │   └── $Boot
    │   ├── NIST
    │   │   └── DFR-16
    │   │   │   └── $MFT
    │   ├── Usn
    │   │   └── record.usn
    │   ├── tdungan
    │   │   └── $MFT
    │   └── xw
    │   │   └── $MFT
    └── TestMain.cs
├── MFT.sln
├── MFT
    ├── Attributes
    │   ├── ACERecord.cs
    │   ├── Attribute.cs
    │   ├── AttributeList.cs
    │   ├── Bitmap.cs
    │   ├── Data.cs
    │   ├── ExtendedAttribute.cs
    │   ├── ExtendedAttributeInformation.cs
    │   ├── FileInfo.cs
    │   ├── FileName.cs
    │   ├── Helpers.cs
    │   ├── IndexAllocation.cs
    │   ├── IndexNodeHeader.cs
    │   ├── IndexRoot.cs
    │   ├── LoggedUtilityStream.cs
    │   ├── NonResidentData.cs
    │   ├── ObjectId_.cs
    │   ├── ReparsePoint.cs
    │   ├── ResidentData.cs
    │   ├── SKSecurityDescriptor.cs
    │   ├── SecurityDescriptor.cs
    │   ├── StandardInfo.cs
    │   ├── VolumeInformation.cs
    │   ├── VolumeName.cs
    │   └── xACLRecord.cs
    ├── FileRecord.cs
    ├── MFT.csproj
    ├── Mft.cs
    ├── MftFile.cs
    └── Other
    │   ├── AdsInfo.cs
    │   ├── AttributeInfo.cs
    │   ├── DataRun.cs
    │   ├── DirectoryNameMapValue.cs
    │   ├── ExtensionMethods.cs
    │   ├── FixupData.cs
    │   ├── IndexEntry.cs
    │   ├── IndexEntryI30.cs
    │   ├── MftEntryInfo.cs
    │   └── ParentMapEntry.cs
├── O
    ├── O.cs
    ├── O.csproj
    └── OFile.cs
├── README.md
├── SDS
    ├── FixupData.cs
    ├── Sdh.cs
    ├── SdhFile.cs
    ├── Sds.cs
    ├── SdsEntry.cs
    ├── SdsFile.cs
    ├── Secure.csproj
    ├── Sii.cs
    └── SiiFile.cs
├── Usn
    ├── MFTInformation.cs
    ├── Usn.cs
    ├── Usn.csproj
    ├── UsnEntry.cs
    └── UsnFile.cs
└── icon.png


/.gitattributes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/.gitattributes


--------------------------------------------------------------------------------
/.github/workflows/publish.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/.github/workflows/publish.yml


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/.gitignore


--------------------------------------------------------------------------------
/Boot/Boot.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Boot/Boot.cs


--------------------------------------------------------------------------------
/Boot/Boot.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Boot/Boot.csproj


--------------------------------------------------------------------------------
/Boot/BootFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Boot/BootFile.cs


--------------------------------------------------------------------------------
/I30/I30.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/I30/I30.cs


--------------------------------------------------------------------------------
/I30/I30.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/I30/I30.csproj


--------------------------------------------------------------------------------
/I30/I30File.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/I30/I30File.cs


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LICENSE


--------------------------------------------------------------------------------
/LogFile/FixupData.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/FixupData.cs


--------------------------------------------------------------------------------
/LogFile/LogFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/LogFile.cs


--------------------------------------------------------------------------------
/LogFile/LogFile.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/LogFile.csproj


--------------------------------------------------------------------------------
/LogFile/LogPageRcrd.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/LogPageRcrd.cs


--------------------------------------------------------------------------------
/LogFile/LogPageRstr.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/LogPageRstr.cs


--------------------------------------------------------------------------------
/LogFile/Log_File.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/LogFile/Log_File.cs


--------------------------------------------------------------------------------
/MFT.Test/MFT.Test.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/MFT.Test.csproj


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/$I30/FirstDelete/$I30:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/$I30/FirstDelete/$I30


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/$I30/SecondDelete/$I30:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/$I30/SecondDelete/$I30


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/$I30/Start/$I30:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/$I30/Start/$I30


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/Boot/$Boot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/Boot/$Boot


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/NIST/DFR-16/$MFT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/NIST/DFR-16/$MFT


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/Usn/record.usn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/Usn/record.usn


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/tdungan/$MFT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/tdungan/$MFT


--------------------------------------------------------------------------------
/MFT.Test/TestFiles/xw/$MFT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestFiles/xw/$MFT


--------------------------------------------------------------------------------
/MFT.Test/TestMain.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.Test/TestMain.cs


--------------------------------------------------------------------------------
/MFT.sln:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT.sln


--------------------------------------------------------------------------------
/MFT/Attributes/ACERecord.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ACERecord.cs


--------------------------------------------------------------------------------
/MFT/Attributes/Attribute.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/Attribute.cs


--------------------------------------------------------------------------------
/MFT/Attributes/AttributeList.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/AttributeList.cs


--------------------------------------------------------------------------------
/MFT/Attributes/Bitmap.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/Bitmap.cs


--------------------------------------------------------------------------------
/MFT/Attributes/Data.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/Data.cs


--------------------------------------------------------------------------------
/MFT/Attributes/ExtendedAttribute.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ExtendedAttribute.cs


--------------------------------------------------------------------------------
/MFT/Attributes/ExtendedAttributeInformation.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ExtendedAttributeInformation.cs


--------------------------------------------------------------------------------
/MFT/Attributes/FileInfo.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/FileInfo.cs


--------------------------------------------------------------------------------
/MFT/Attributes/FileName.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/FileName.cs


--------------------------------------------------------------------------------
/MFT/Attributes/Helpers.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/Helpers.cs


--------------------------------------------------------------------------------
/MFT/Attributes/IndexAllocation.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/IndexAllocation.cs


--------------------------------------------------------------------------------
/MFT/Attributes/IndexNodeHeader.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/IndexNodeHeader.cs


--------------------------------------------------------------------------------
/MFT/Attributes/IndexRoot.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/IndexRoot.cs


--------------------------------------------------------------------------------
/MFT/Attributes/LoggedUtilityStream.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/LoggedUtilityStream.cs


--------------------------------------------------------------------------------
/MFT/Attributes/NonResidentData.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/NonResidentData.cs


--------------------------------------------------------------------------------
/MFT/Attributes/ObjectId_.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ObjectId_.cs


--------------------------------------------------------------------------------
/MFT/Attributes/ReparsePoint.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ReparsePoint.cs


--------------------------------------------------------------------------------
/MFT/Attributes/ResidentData.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/ResidentData.cs


--------------------------------------------------------------------------------
/MFT/Attributes/SKSecurityDescriptor.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/SKSecurityDescriptor.cs


--------------------------------------------------------------------------------
/MFT/Attributes/SecurityDescriptor.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/SecurityDescriptor.cs


--------------------------------------------------------------------------------
/MFT/Attributes/StandardInfo.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/StandardInfo.cs


--------------------------------------------------------------------------------
/MFT/Attributes/VolumeInformation.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/VolumeInformation.cs


--------------------------------------------------------------------------------
/MFT/Attributes/VolumeName.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/VolumeName.cs


--------------------------------------------------------------------------------
/MFT/Attributes/xACLRecord.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Attributes/xACLRecord.cs


--------------------------------------------------------------------------------
/MFT/FileRecord.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/FileRecord.cs


--------------------------------------------------------------------------------
/MFT/MFT.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/MFT.csproj


--------------------------------------------------------------------------------
/MFT/Mft.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Mft.cs


--------------------------------------------------------------------------------
/MFT/MftFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/MftFile.cs


--------------------------------------------------------------------------------
/MFT/Other/AdsInfo.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/AdsInfo.cs


--------------------------------------------------------------------------------
/MFT/Other/AttributeInfo.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/AttributeInfo.cs


--------------------------------------------------------------------------------
/MFT/Other/DataRun.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/DataRun.cs


--------------------------------------------------------------------------------
/MFT/Other/DirectoryNameMapValue.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/DirectoryNameMapValue.cs


--------------------------------------------------------------------------------
/MFT/Other/ExtensionMethods.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/ExtensionMethods.cs


--------------------------------------------------------------------------------
/MFT/Other/FixupData.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/FixupData.cs


--------------------------------------------------------------------------------
/MFT/Other/IndexEntry.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/IndexEntry.cs


--------------------------------------------------------------------------------
/MFT/Other/IndexEntryI30.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/IndexEntryI30.cs


--------------------------------------------------------------------------------
/MFT/Other/MftEntryInfo.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/MftEntryInfo.cs


--------------------------------------------------------------------------------
/MFT/Other/ParentMapEntry.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/MFT/Other/ParentMapEntry.cs


--------------------------------------------------------------------------------
/O/O.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/O/O.cs


--------------------------------------------------------------------------------
/O/O.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/O/O.csproj


--------------------------------------------------------------------------------
/O/OFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/O/OFile.cs


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/README.md


--------------------------------------------------------------------------------
/SDS/FixupData.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/FixupData.cs


--------------------------------------------------------------------------------
/SDS/Sdh.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/Sdh.cs


--------------------------------------------------------------------------------
/SDS/SdhFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/SdhFile.cs


--------------------------------------------------------------------------------
/SDS/Sds.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/Sds.cs


--------------------------------------------------------------------------------
/SDS/SdsEntry.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/SdsEntry.cs


--------------------------------------------------------------------------------
/SDS/SdsFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/SdsFile.cs


--------------------------------------------------------------------------------
/SDS/Secure.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/Secure.csproj


--------------------------------------------------------------------------------
/SDS/Sii.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/Sii.cs


--------------------------------------------------------------------------------
/SDS/SiiFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/SDS/SiiFile.cs


--------------------------------------------------------------------------------
/Usn/MFTInformation.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Usn/MFTInformation.cs


--------------------------------------------------------------------------------
/Usn/Usn.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Usn/Usn.cs


--------------------------------------------------------------------------------
/Usn/Usn.csproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Usn/Usn.csproj


--------------------------------------------------------------------------------
/Usn/UsnEntry.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Usn/UsnEntry.cs


--------------------------------------------------------------------------------
/Usn/UsnFile.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/Usn/UsnFile.cs


--------------------------------------------------------------------------------
/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EricZimmerman/MFT/HEAD/icon.png


--------------------------------------------------------------------------------