README.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

A fast and cross platform MFT Parser written in Rust that gives you the ability to query the records via [JMESPath](http://jmespath.org/) queries. Output is [JSONL](http://jsonlines.org/).

```
RustyMft 0.1.0
Matthew Seyer <https://github.com/forensicmatt/RustyMft>
Parse $MFT.

USAGE:
    RustyMft.exe [FLAGS] [OPTIONS] --source <FILE>

FLAGS:
    -b, --bool_expr    JMES Query as bool only. (Prints whole record if true.)
    -h, --help         Prints help information
    -V, --version      Prints version information

OPTIONS:
    -q, --query <QUERY>    JMES Query
    -s, --source <FILE>    The source path. Can be a file or a directory.
```