A fast, cross-platform MFT parser written in Rust that lets you query records with a JMES Query. Output is JSONL (http://jsonlines.org/).
```
RustyMft 0.1.0
Matthew Seyer <https://github.com/forensicmatt/RustyMft>
Parse $MFT.

USAGE:
    RustyMft.exe [FLAGS] [OPTIONS] --source <FILE>

FLAGS:
    -b, --bool_expr    JMES Query as bool only. (Prints whole record if true.)
    -h, --help         Prints help information
    -V, --version      Prints version information

OPTIONS:
    -q, --query <QUERY>    JMES Query
    -s, --source <FILE>    The source path. Can be a file or a directory.
## Output
The output is written to stdout as a JSON list of records.