-
Notifications
You must be signed in to change notification settings - Fork 274
MasterFileTable Class
Jared Atkinson edited this page Nov 5, 2015
·
4 revisions
public class MasterFileTable
{
// Static Methods
public static FileRecord GetRecord(string volume)
public static byte[] GetBytes(string volume)
public static byte[] GetSlack(string volume)
public static byte[] GetSlackByPath(string path)
}
Name | Description |
---|---|
GetRecord(string) | |
GetBytes(string) | |
GetSlack(string) | |
GetSlackByPath(string) |
Getting Started
- PowerForensics
- PowerForensics.Artifacts
- PowerForensics.Ntfs
- PowerForensics.Formats
- PowerForensics.Registry
- PowerForensics.Utilities
Cmdlets
- ConvertTo-ForensicTimeline
- Copy-ForensicFile
- Get-ForensicAlternateDataStream
- Get-ForensicAmcache
- Get-ForensicAttrDef
- Get-ForensicBitmap
- Get-ForensicBootSector
- Get-ForensicChildItem
- Get-ForensicContent
- Get-ForensicEventLog
- Get-ForensicFileRecord
- Get-ForensicFileRecordIndex
- Get-ForensicFileSlack
- Get-ForensicGuidPartitionTable
- Get-ForensicMasterBootRecord
- Get-ForensicMftSlack
- Get-ForensicNetworkList
- Get-ForensicPartitionTable
- Get-ForensicPrefetch
- Get-ForensicRegistryKey
- Get-ForensicRegistryValue
- Get-ForensicScheduledJob
- Get-ForensicSid
- Get-ForensicTimeline
- Get-ForensicTimezone
- Get-ForensicUnallocatedSpace
- Get-ForensicUserAssist
- Get-ForensicUsnJrnl
- Get-ForensicUsnJrnlInformation
- Get-ForensicVolumeBootRecord
- Get-ForensicVolumeInformation
- Get-ForensicVolumeName
- Invoke-ForensicDD