Menu
I recently encountered a strange Windows 7 bug where a 600 MB video file I spent ~1 hour recording disappeared with no trace. I've tried using applications such as Recuva to see if I can recover it to no avail.
I know for sure that the file existed at one point because there is still a link to its location in VLC Media player's history. That said, there SHOULD be a reference to the data write operations in the NTFS $LogFile on the volume where this file was created. Whenever I try to do a 'type $Logfile' or open it through an application I get "Access is Denied". I am logged in as an account with Local Administrator privileges.
Does anyone know a surefire method of viewing the NTFS $LogFile for a given volume?
373
nfi.exe should help. take a look at the following question:
How to dump the NTFS $Bitmap file
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
