Missing Path values for some files/dirs

msuhanov / dfir_ntfs

An NTFS/FAT parser for digital forensics & incident response

GNU General Public License v3.0

191 stars 29 forks source link

Missing Path values for some files/dirs #7

Closed Sim4n6 closed 5 years ago

Sim4n6 commented 5 years ago

This small MFT when it get parsed using the script ntfs_parser. It produces an CSV with some records without Path name.

Records are : 3377699720527884 - 3659174697238541- 3940649673949198 - 4222124650659855

I'm not sure if it is anomaly, but I am sharing it any way for testing purpose.

msuhanov commented 5 years ago

These are file record segments #12, #13, #14, and #15. Each one has the $STANDARD_INFORMATION attribute, but none of them has the $FILE_NAME attribute (just checked it again using a HEX editor).

So, the tool is printing data as is.

Sim4n6 commented 5 years ago

Alright, thank u for ur response