diogo-fernan
commented
5 years ago The *.bin files contain the:
- boot sector of the existing drives;
- Master File Table (MFT) of NTFS partitions;
$LogFileof NTFS partitions;$UsnJrnlof NTFS partitions.
These are all binary files and require to be parsed by other tools. Have a look a the filesystem section of the configuration file at https://github.com/diogo-fernan/ir-rescue/blob/master/win/tools-win/cfg/ir-rescue-win.conf#L128 for modifying the acquisition behavior.
I have a few questions. What program created these .bin files, how do you view their contents, and can we disable .bin files from being created somehow?