scudette
commented
1 year ago See sample code here https://github.com/Velocidex/go-ntfs/blob/master/bin/usn.go
Closed mjiulee closed 1 year ago
scudette
commented
1 year ago See sample code here https://github.com/Velocidex/go-ntfs/blob/master/bin/usn.go
i wrote the following code for file-log search on my windows,
but it get "Invalid magic" error, how can i fix up this demo code ? thank you~
` package main
import ( "context" "fmt" "io" "log" "os" "strings" "github.com/Velocidex/go-ntfs/parser" )
const ( record_directory = "out.txt" )
func getReader(reader io.ReaderAt) io.ReaderAt { if record_directory == "" { return reader } return parser.NewRecorder(record_directory, reader) }
func main() { rd, er := os.Open(
\\.\D:) if er != nil { log.Fatalln(er) } defer rd.Close() reader, err := parser.NewPagedReader(getReader(rd), 1024, 10000) if err != nil { log.Fatalln(err) } ntfs_ctx, err := parser.GetNTFSContext(reader, 0) if err != nil { log.Fatalln(err) } for record := range parser.ParseUSN(context.Background(), ntfs_ctx, 0) { fmt.Println(record.Usn()) fmt.Println(record.Offset) fmt.Println(record.Filename()) fmt.Println(record.FullPath()) fmt.Println(record.TimeStamp()) fmt.Println(strings.Join(record.Reason(), ", ")) fmt.Println(strings.Join(record.FileAttributes(), ", ")) fmt.Println(strings.Join(record.SourceInfo(), ", ")) } }`