|
The Sleuth Kit
4.10.2
|
Contains the TSK Update Sequence Number journal walking code. More...
Functions | |
| uint8_t | tsk_ntfs_usnjentry_walk (TSK_FS_INFO *fs, TSK_FS_USNJENTRY_WALK_CB action, void *ptr) |
| Walk through the Update Sequence Number journal file opened with ntfs_usnjopen. More... | |
| uint8_t | tsk_ntfs_usnjopen (TSK_FS_INFO *fs, TSK_INUM_T inum) |
| Open the Update Sequence Number Journal stored at the inode inum. More... | |
Contains the TSK Update Sequence Number journal walking code.
| uint8_t tsk_ntfs_usnjentry_walk | ( | TSK_FS_INFO * | fs, |
| TSK_FS_USNJENTRY_WALK_CB | action, | ||
| void * | ptr | ||
| ) |
Walk through the Update Sequence Number journal file opened with ntfs_usnjopen.
For each USN record, calls the callback action passing the USN record header, the USN record and the pointer ptr.
| ntfs | File system where the journal is stored |
| action | action to be called per each USN entry |
| ptr | pointer to data passed to the action callback |
References TSK_FS_INFO::ftype, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_fs_file_close(), and TSK_FS_TYPE_NTFS.
| uint8_t tsk_ntfs_usnjopen | ( | TSK_FS_INFO * | fs, |
| TSK_INUM_T | inum | ||
| ) |
Open the Update Sequence Number Journal stored at the inode inum.
| ntfs | File system where the journal is stored |
| inum | file reference number where the USN journal is located |
References TSK_FS_INFO::block_size, TSK_FS_INFO::ftype, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_fprintf(), tsk_fs_file_open_meta(), TSK_FS_TYPE_NTFS, and tsk_verbose.
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.