cgsecurity
"e01" encase ewf files are sometimes not completely shown.
Hi, In some .E01 encase files (and direct disk access) I cannot see $MFT file, while Encase imager shows it without problems. Can you please check this one? Maybe you need to update the libewf library or there is something else?
I am using TestDisk 7.1-WIP from April 2018.
It's not related to E01 files. In src/ntfs_dir.c, there is code to hide special files:
if (MREF(mref) < FILE_first_user && filename[0] == '$') /* Hide system file */
goto freefn;
If it's really a feature you want, it may be possible to add some code to not hide them when in expert mode.
Hi @cgsecurity . Yes, I need this function badly. Please make the feature to unhide the files.
I was considering this possibility. But, I was sure that I did see the $MFT entry before. Additionally, in current view I see the "$Recycle.Bin" and "$WINDOWS.~BT". This does not make sense.
In practice I would not hide any files in testdisk. If someone uses this utility, this means that he knows about system files. At the end it is easy to delete a partition, so what is wrong with deleting system file?
I guess that this change is easy to implement and I look forward to see this change in the next WIP release.
Thank you so much for the cool tool!!!
Hi. Do you plan to fix the system files issue? Maybe you can hide it behind an option?
Hi @cgsecurity it seems that you have done some change: https://github.com/cgsecurity/testdisk/commit/2d36e835ba016468e3e59f7bd02716a2bb30948d
I did not test it yet.
You are welcome to compile from source and test it ;-) Enable the Expert mode in Options to be able to list the system files. Note that you will not be able to copy them.
Hi @cgsecurity I did not compile testdisk 7.1-WIP, just got the latest version with modification date 28.06.2018. The Expert mode does nothing on my hard drive. I don't see $MFT any way.
Also, the idea was to be able to copy the system files not just see them. Is it possible that all functionality will be activated?