NTFS Data Tracker
NTFS Data Tracker v1.0
NTFS Data Tracker v1.0
This tool generates the file data history.
The input of this tool are sample files($LogFile, $MFT) extracted by another tool like Encase, Winhex.
A default time information is local time(system's time) and timezone is adjustable.
The Events of File Data History
Create File
Initial DataRuns
Update DataRuns
Create DataStream
Update Resident Data
Delete Resident Data
Delete File
User Interface
Update History
v1.0 (2021.12.10)
Initial Version
Related Paper : https://www.sciencedirect.com/science/article/abs/pii/S2666281721002341
Created by Junghoon Oh(blueangel)
Email : blueangel1275@gmail.com