Your video has been immensly helpful in understanding MFT. Is there any good book or online resource in terms of referencing this kind of information. Most descriptions are way too general to do anything useful with it. Thanks
Thank you for your kind words. I do not know of any (recent) books on the NTFS file system that I would recommend. When I was in graduate school the Yoda of file system forensics was Brian Carrier. He wrote our textbook which explained every single byte of a master file table record. That book is now comparably speaking, ancient. Brian Carrier is also the developer of the Autopsy tool which I have used in several forensics classes that I have taught. I recommend that you search in Google for "Windows NTFS File System Forensics." You will find several reference websites that explain the full breakdown of the master file table and other file system artifacts. Here is one such reference. github.com/libyal/libfsntfs/blob/main/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc.
Wow, great presentation Jonathan. Thanks for your hard work. It helps me a lot to better understand the structures and how NTFS works. Keep it up!
Waiting on part 2 lol! No but seriously - thank you so much. Writing a file program and this definitley hits the nail of the head.
Nice...presented well. Thank you Jon
Brilliant. Much appreciated.
You are a legend. Thank you.
Your video has been immensly helpful in understanding MFT. Is there any good book or online resource in terms of referencing this kind of information. Most descriptions are way too general to do anything useful with it. Thanks
Thank you for your kind words. I do not know of any (recent) books on the NTFS file system that I would recommend. When I was in graduate school the Yoda of file system forensics was Brian Carrier. He wrote our textbook which explained every single byte of a master file table record. That book is now comparably speaking, ancient. Brian Carrier is also the developer of the Autopsy tool which I have used in several forensics classes that I have taught. I recommend that you search in Google for "Windows NTFS File System Forensics." You will find several reference websites that explain the full breakdown of the master file table and other file system artifacts. Here is one such reference. github.com/libyal/libfsntfs/blob/main/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc.
Total 457 R count 81,401 perc. In use 30 total mft 3