When reconstructing USN journal paths we actually have access to more information than contained in the MFT because the USN journal records partial filename information. This PR adds the ability to preload these partial file information in case they are encounterd during path reconstruction.
When reconstructing USN journal paths we actually have access to more information than contained in the MFT because the USN journal records partial filename information. This PR adds the ability to preload these partial file information in case they are encounterd during path reconstruction.
See https://cybercx.com.au/blog/ntfs-usnjrnl-rewind/ for more details.