Skip to content
This repository has been archived by the owner on Feb 13, 2021. It is now read-only.

forensicmatt/RustyMft

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
examples
examples
 
 
src
src
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

A fast and cross platform MFT Parser written in Rust that gives you the ability to query the records via JMESPath queries. Output is JSONL.

RustyMft 0.1.0
Matthew Seyer <https://github.com/forensicmatt/RustyMft>
Parse $MFT.

USAGE:
    RustyMft.exe [FLAGS] [OPTIONS] --source <FILE>

FLAGS:
    -b, --bool_expr    JMES Query as bool only. (Prints whole record if true.)
    -h, --help         Prints help information
    -V, --version      Prints version information

OPTIONS:
    -q, --query <QUERY>    JMES Query
    -s, --source <FILE>    The source path. Can be a file or a directory.

About

MFT to JSON

Resources

Readme

License

Apache-2.0 license
Activity

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

RustyMft v0.1.0 Latest
Jun 24, 2017

Packages

No packages published

Languages