Request for Example: Directly Reading and Parsing Filenames from $MFT File without Copying

[hkhk368]

@t9t

Thank you for sharing the code of this library. As a newbie to MFT, could you write an example? I would greatly appreciate it if you could read the $MFT file directly without copying it, and then parse out the file name of each file.

[t9t]

Hi @hkhk368, thanks for taking the time to make this request.

Unfortunately, I cannot give a good example. When I wrote this library, I wanted to create an open-source commandline alternative to WizFile, to quickly find a file by reading the MFT. However, while I figured out parsing (of which this library is the result), I was never able to figure out how to get the file tree from the MFT. I encountered some strange things, like multiple records for the same file, or entries for files which were already deleted (and no indication of that in the record). So there is something missing to bridge the gap between reading MFT records, and actually interpreting the records to a file tree.

So for now, my suggestion is to look up other MFT and NTFS documentation on the web to understand how to interpret the MFT data for your use case.

I'll leave the issue open, because I do think it would be useful to add a few good examples at some point.