NTFS
From Digital Forensics Framework
|
|
This page is currently being rewritten. Consequently, some information are outdated, missing or inexact. |
- Synopsis : ntfs path [--parent parent]
Driver for NTFS file systems. To use you must have a dump already loaded into DFF virtual file system.
To launch the driver, double click on the dump or go to the menu Open with -> File system -> NTFS.
A pop-up will spawn, where you can modify some NTFS parameters.
Once you are done, you just have to click on the OK button, or Cancel if you wish to cancel the launch of the NTFS driver.
The module will run and retrieve deleted data. There are a lot of attributes on NTFS, but i have no ideas what their meanings are :
