fuse-mft ?is a? FUSE ?file" rel="nofollow" target="_blank">http://fuse.sourceforge.org/">FUSE ?file system driver for MFT files. It allows an analyst to mount the file system tree defined by an MFT on their analysis machine. Then, they can use familiar command line or graphical tools to explore the contents.? fuse-mft ?uses the metadata found within the MFT to populate the entries, and exposes a few virtual files to provide additional context.
MFT to the tools with which you?re already an expert. For example, you can explore the filenames and timestamps of a directory using a graphical file explorer, or generate a high level description using? tree . You might even begin generating your timelines with? find!
Extra context from virtual files ? fuse-mft ?provides additional information about files and directories using ?virtual files? ? that is, files you can access, but are not backed by the MFT. The contents of the virtual files are the same reports generated by? get-file-info: