ntfs-reader
| Crates.io | ntfs-reader |
| lib.rs | ntfs-reader |
| version | 0.4.3 |
| created_at | 2022-11-07 18:13:34.545641+00 |
| updated_at | 2025-09-20 06:20:57.710441+00 |
| description | Read MFT and USN journal |
| homepage | |
| repository | https://github.com/kikijiki/ntfs-reader |
| max_upload_size | |
| id | 707376 |
| size | 104,463 |
キキジキ (kikijiki)
documentation
README
ntfs-reader
Features
- Fast in-memory scan of all records in the $MFT
- Usn journal reader
Examples
See the examples directory for complete working examples.
MFT Usage
// Open the C volume and its MFT.
// Must have elevated privileges or it will fail.
let volume = Volume::new("\\\\.\\C:")?;
let mft = Mft::new(volume)?;
// Iterate all files
mft.iterate_files(|file| {
// Can also use FileInfo::with_cache().
let info = FileInfo::new(&mft, file);
// Available fields: name, path, is_directory, size, timestamps (created, accessed, modified).
});
// Some perf comparison
// Type Iteration Drop Total
// No Cache 12.326s 0 12.326s
// HashMap Cache 4.981s 323.150ms 5.305s
// Vec Cache 3.756s 114.670ms 3.871s
Journal Usage
let volume = Volume::new("\\\\?\\C:")?;
// With `JournalOptions` you can customize things like where to start reading
// from (beginning, end, specific point), the mask to use for the events and more.
let mut journal = Journal::new(volume, JournalOptions::default())?;
// Try to read some events.
// You can call `read_sized` to use a custom buffer size.
for result in journal.read()? {
// Available fields are: usn, timestamp, file_id, parent_id, reason, path.
}
Contributing
I'm not accepting PRs at the moment, but feel free to report issues or send suggestions.