rasberry/NTFSDirect
GitHub: rasberry/NTFSDirect
直接读取并解析 NTFS 主文件表(MFT)以枚举磁盘上所有文件路径的 .NET 库,可绕过文件系统权限限制发现隐藏文件。
Stars: 27 | Forks: 2
# NTFSDirect
NTFS MFT (主文件表) 原始读取器和解析器
## 用法
```
string vol = "c:";
var fileList = new NTFSDirect.Enumerator(vol);
foreach(string file in fileList) {
FileInfo f = new FileInfo(file);
if (!f.Exists) { continue; } //every file is enumerated even ones we don't have access to.
//Do something with each path
}
```
仅获取某些扩展名
```
string vol = "c:";
var fileList = new NTFSDirect.Enumerator(vol, new [] {".txt", ".md"});
foreach(string file in fileList) {
FileInfo f = new FileInfo(file);
if (!f.Exists) { continue; } //every file is enumerated even ones we don't have access to.
//Do something with each path
}
```
此代码基于[此处](http://code.google.com/p/phever/source/browse/trunk/mft/mftdb/mftdb/CChangeJournal.cs?r=32)的工作
标签:Awesome, CIDR输入, HTTPS请求, HTTP工具, MFT解析, NTFS, NTFSDirect, Windows取证, 主文件表, 原始数据读取, 多人体追踪, 底层I/O, 数字取证, 数据恢复, 文件枚举, 文件系统, 磁盘分析, 端点可见性, 系统管理, 网络安全审计, 自动化脚本