Skip to content

Releases: kacos2000/MFT_Browser

MFTBrowser.exe (x64)

09 Sep 21:20
@kacos2000 kacos2000
v.0.0.24.0
8be0730
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • Updated/corrected the output for $Reparse_Point SymLinks, Mount_Points, and WOF
  • Added support for $Loggged_Utility_Stream's $DSC (Desired Storage Class Flags) & TxFData
  • Added the Storage Reserve Flag in $Standard_Information
  • Updated the info provided by $UpCase:$Info $Data Atrribute
  • Other minor corrections
Assets 4
Loading

MFTBrowser.exe (x64)

01 Sep 21:49
@kacos2000 kacos2000
v.0.0.23.0
c04ab21
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • minor fixes
Assets 4
Loading

MFTBrowser.exe (x64)

31 Aug 14:52
@kacos2000 kacos2000
v.0.0.22.0
8f68aca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • fixed minor bug when after pressing cancel the directory tree remained hidden.
Assets 4
Loading

MFTBrowser.exe (x64)

30 Aug 11:33
@kacos2000 kacos2000
v.0.0.21.0
8f68aca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • updated '$UpCase:$Info' Stream decoding to include OS Version (Major/Minor) & CRC64
Assets 4
Loading

MFTBrowser.exe (x64)

17 Jul 19:05
@kacos2000 kacos2000
v.0.0.19.0
ad28dea
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • Fixed minor bug resulting in the Folder tree not appearing under certain conditions (e.g.: after loading a new $Mft file and pressing cancel, then using the 'new range option' to look up a record, and then loading a new $MFT file)
Assets 4
Loading

MFTBrowser.exe (x64)

14 Jul 06:52
@kacos2000 kacos2000
v.0.0.18.0
5478143
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • Minor correction with WCI Reparse Tag to skip 4 reserved(?) bytes and read the GUID correctly
Assets 4
Loading

MFTBrowser.exe (x64)

09 Jul 22:39
@kacos2000 kacos2000
v.0.0.17.0
5478143
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update]

  • Added check : record info is only displayed if the fix-up value (offset 0x30, 0x31) of the record, matches (0x1FE,0x1FF) and (0x3FE,0x3FF) .
    Otherwise a 'Corrupt record' message is displayed + the hex view of the selected record.
    Example of corrupt record
Assets 4
Loading

MFTBrowser.exe (x64)

04 Jul 17:17
@kacos2000 kacos2000
v.0.0.16.0
00fce71
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update list]

  • added Symbolic Link Reparse Tag 'A000000C' flags:

0x00000000 -> The substitute name is a full path name.
0x00000001 -> The substitute name is a path name relative to the directory containing the symbolic link

Assets 4
Loading

MFTBrowser.exe (x64)

04 Jul 01:13
@kacos2000 kacos2000
v.0.0.15.0
88c4730
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update list]

  • Updated Windows Container Isolation (WCI) filter reparse point tag info for tags:

    80000018 - IO_REPARSE_TAG_WCI
    90001018 - IO_REPARSE_TAG_WCI_1
    A0001027 - IO_REPARSE_TAG_WCI_LINK_1
    A000001F - IO_REPARSE_TAG_WCI_TOMBSTONE
    A0000027 - IO_REPARSE_TAG_WCI_LINK

Assets 4
Loading

MFTBrowser.exe (x64)

08 Apr 07:41
@kacos2000 kacos2000
v.0.0.14.0
cbfa01c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
MFTBrowser.exe (x64)

[Update list]

  • Corrected flag "$Verify and $Corrupt disabled" to display correctly in $Volume_Information Attribute
    (It's a PowerShell thing: just added a couple of "`" before the $ signs)
Assets 4
Loading