$I30 INDX Parsing

I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire index.

I already have a couple of scripts that do this. One of the major things I noticed when I started working on this that I hadn’t realized before was that there were a couple of serious problems with those other scripts. Most notably, they weren’t applying the fixups from the Update Sequence Array, which caused random corruption in file names and dates. Forensics is not a field where you want errors in dates, so I thought this a big deal.

Like the MFT parser below, this dumps to the console. Blue check the folder of interest and run. It will operate successfully against multiple checked folders, but the output is kinda long and hard to keep straight, so I don’t recommend it.

Download here
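
To illustrate the Update Sequence Array fixups mentioned above, here is an added Python example; it is not the script offered for download. It assumes the standard NTFS multi-sector header layout (array offset at byte 4, word count at byte 6) and a 512-byte fixup stride, and the sample record, file name and sequence number are constructed for the demonstration.

```python
import struct

SECTOR = 512  # assumed fixup stride

def apply_fixups(record: bytes, sector: int = SECTOR) -> bytes:
    """Return a copy of an INDX record with its sector tails restored."""
    if record[:4] != b"INDX":
        raise ValueError("not an INDX record")
    # Header: offset of the Update Sequence Array, then its length in 16-bit words.
    usa_off, usa_count = struct.unpack_from("<HH", record, 4)
    sectors = usa_count - 1  # first word is the update sequence number (USN)
    if sectors < 1 or sectors * sector > len(record) or usa_off + 2 * usa_count > len(record):
        raise ValueError("update sequence array does not fit the record")
    usn = record[usa_off:usa_off + 2]
    fixed = bytearray(record)
    for i in range(sectors):
        tail = (i + 1) * sector - 2
        if record[tail:tail + 2] != usn:
            # A mismatch means a torn write or stale data: do not trust the record.
            raise ValueError(f"sector {i}: tail does not match the USN")
        saved = usa_off + 2 * (i + 1)
        fixed[tail:tail + 2] = record[saved:saved + 2]
    return bytes(fixed)

def build_sample(name: str = "evidence.docx", size: int = 4096):
    """Constructed on-disk record: header fields used above plus one UTF-16 name."""
    rec = bytearray(size)
    sectors, usa_off, usn = size // SECTOR, 0x28, b"\x07\x00"
    struct.pack_into("<4sHH", rec, 0, b"INDX", usa_off, sectors + 1)
    raw = name.encode("utf-16-le")
    name_off = SECTOR - 10  # makes the name straddle the first sector boundary
    rec[name_off:name_off + len(raw)] = raw
    rec[usa_off:usa_off + 2] = usn
    for i in range(sectors):  # mimic the write path: stash each tail, stamp the USN
        tail, saved = (i + 1) * SECTOR - 2, usa_off + 2 * (i + 1)
        rec[saved:saved + 2] = rec[tail:tail + 2]
        rec[tail:tail + 2] = usn
    return bytes(rec), name_off, len(raw)

def read_name(record: bytes, off: int, length: int) -> str:
    return record[off:off + length].decode("utf-16-le")

if __name__ == "__main__":
    disk, off, length = build_sample()
    print("without fixups:", repr(read_name(disk, off, length)))
    print("with fixups:   ", repr(read_name(apply_fixups(disk), off, length)))
```

Any field that lands on the last two bytes of a sector is affected the same way, which is how an unfixed parser ends up with wrong timestamps as well as wrong names.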