Merge pull request #127 from rowingdude/development_3.0.2

Development branch merged updated to 3.0.2
rowingdude · Sep 4, 2024 · 29821c1 · 29821c1
2 parents 2b94b94 + e514282
commit 29821c1
Show file tree

Hide file tree

Showing 2 changed files with 357 additions and 32 deletions.
diff --git a/src/analyzeMFT/constants.py b/src/analyzeMFT/constants.py
@@ -270,17 +270,70 @@
 # MFT Record magic number
 MFT_RECORD_MAGIC = b'FILE'
 
-# CSV Header
 CSV_HEADER = [
-    'Record Number', 'Good', 'Active', 'Record type', 'Sequence Number',
-    'Parent File Rec. #', 'Parent File Rec. Seq. #', 'Filename',
-    'Std Info Creation Time', 'Std Info Modification Time',
-    'Std Info Access Time', 'Std Info Entry Time',
-    'FN Info Creation Time', 'FN Info Modification Time',
-    'FN Info Access Time', 'FN Info Entry Time',
-    'Object ID', 'Birth Volume ID', 'Birth Object ID', 'Birth Domain ID',
-    'Standard Information', 'Attribute List', 'File Name',
-    'Volume Name', 'Volume Info', 'Data', 'Index Root',
-    'Index Allocation', 'Bitmap', 'Reparse Point', 'EA Information', 'EA',
-    'Logged Utility Stream', 'Filepath'
+    # Basic Record Information
+    'Record Number', 
+    'Record Status',  # Instead of 'Good'/'Bad'
+    'Record Type',    # Instead of 'Active'/'Inactive'
+    'File Type',      # Instead of 'Record type'
+    'Sequence Number',
+    'Parent Record Number',
+    'Parent Record Sequence Number',
+
+    # File Information
+    'Filename',
+    'Filepath',
+
+    # Standard Information Times
+    'SI Creation Time',
+    'SI Modification Time',
+    'SI Access Time',
+    'SI Entry Time',
+
+    # File Name Attribute Times
+    'FN Creation Time',
+    'FN Modification Time',
+    'FN Access Time',
+    'FN Entry Time',
+
+    # Object ID Information
+    'Object ID',
+    'Birth Volume ID',
+    'Birth Object ID',
+    'Birth Domain ID',
+
+    # Attribute Presence Flags
+    'Has Standard Information',
+    'Has Attribute List',
+    'Has File Name',
+    'Has Volume Name',
+    'Has Volume Information',
+    'Has Data',
+    'Has Index Root',
+    'Has Index Allocation',
+    'Has Bitmap',
+    'Has Reparse Point',
+    'Has EA Information',
+    'Has EA',
+    'Has Logged Utility Stream',
+
+    # Detailed Attribute Information
+    'Attribute List Details',
+    'Security Descriptor',
+    'Volume Name',
+    'Volume Information',
+    'Data Attribute',
+    'Index Root',
+    'Index Allocation',
+    'Bitmap',
+    'Reparse Point',
+    'EA Information',
+    'EA',
+    'Logged Utility Stream',
+
+    # Hash Information (if computed)
+    'MD5',
+    'SHA256',
+    'SHA512',
+    'CRC32'
 ]