$I30 INDX Parsing

I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire Index.

I already have a couple of scripts that do this. One of the major things I noticed when I started working on this that I hadn’t realized before was that there were a couple of serious problems with those other scripts. Most notably, they weren’t applying the fixups from the Update Sequence Array, which caused random corruption in file names and dates. Forensics is not a field where you want errors in dates, so I thought this a big deal.
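To show what skipping the fixups does, here is an added Python example (not the script from this post) that applies the Update Sequence Array to an INDX record and compares a file name read before and after. The record is a constructed 1024-byte sample; the name, its offset and the update sequence number are made up for illustration.

```python
import struct

SECTOR = 512  # NTFS protects the last 2 bytes of every 512-byte sector

def apply_fixups(record: bytes) -> bytes:
    """Return a copy of an INDX record with the Update Sequence Array applied."""
    if len(record) < 8 or record[:4] != b"INDX":
        raise ValueError("not an INDX record")
    # Offset 4: offset of the USA; offset 6: its length in words (USN + one per sector)
    usa_off, usa_count = struct.unpack_from("<HH", record, 4)
    sectors = usa_count - 1
    if usa_count < 2 or usa_off + 2 * usa_count > SECTOR - 2 or sectors * SECTOR > len(record):
        raise ValueError("update sequence array out of bounds")
    buf = bytearray(record)
    usn = record[usa_off:usa_off + 2]  # value stamped over each sector tail on disk
    for i in range(sectors):
        tail = (i + 1) * SECTOR - 2
        if buf[tail:tail + 2] != usn:
            # A mismatch means the sector was not written with the rest of the record
            raise ValueError(f"sector {i}: tail does not match USN (torn write?)")
        saved = usa_off + 2 * (i + 1)
        buf[tail:tail + 2] = record[saved:saved + 2]  # put the real bytes back
    return bytes(buf)

def build_sample():
    """Constructed 2-sector record whose UTF-16LE name straddles the first sector tail."""
    true = bytearray(2 * SECTOR)
    true[0:4] = b"INDX"
    struct.pack_into("<HH", true, 4, 0x28, 3)  # USA at 0x28: USN + 2 saved words
    name = "evidence.docx".encode("utf-16-le")
    true[500:500 + len(name)] = name  # bytes 510-511 hold the 'n'
    on_disk = bytearray(true)
    usn = b"\x07\x00"  # constructed update sequence number
    on_disk[0x28:0x2A] = usn
    for i in range(2):
        tail = (i + 1) * SECTOR - 2
        on_disk[0x2A + 2 * i:0x2C + 2 * i] = true[tail:tail + 2]  # save real bytes
        on_disk[tail:tail + 2] = usn  # stamp the USN, as the on-disk copy has it
    return bytes(on_disk), 500, len(name)

if __name__ == "__main__":
    raw, off, n = build_sample()
    print("without fixups:", repr(raw[off:off + n].decode("utf-16-le")))
    print("with fixups:   ", repr(apply_fixups(raw)[off:off + n].decode("utf-16-le")))
```

The same two-byte substitution lands inside a FILETIME whenever a timestamp crosses a sector tail, which is how the dates get corrupted.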

Like the MFT parser below, this dumps to the console. Blue check the folder of interest and run. It will operate successfully against multiple checked folders, but the output is kinda long and hard to keep straight, so I don’t recommend it.

Download here

