diff --git a/$AttrDef/$AttrDef.png b/$AttrDef/$AttrDef.png new file mode 100644 index 0000000..1881cdc Binary files /dev/null and b/$AttrDef/$AttrDef.png differ diff --git a/$AttrDef/$AttrDef.svg b/$AttrDef/$AttrDef.svg new file mode 100644 index 0000000..79a0055 --- /dev/null +++ b/$AttrDef/$AttrDef.svg @@ -0,0 +1,745 @@ + + + + + + + + + + + + image/svg+xml + + + + + + + + + $AttrDef(Attribute Definition File) + 000 24 00 53 00 54 00 41 00 4E 00 44 00 41 00 52 00010 44 00 5F 00 49 00 4E 00 46 00 4F 00 52 00 4D 00020 41 00 54 00 49 00 4F 00 4E 00 00 00 00 00 00 00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00080 10 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00090 30 00 00 00 00 00 00 00 48 00 00 00 00 00 00 000A0 24 00 41 00 54 00 54 00 52 00 49 00 42 00 55 000B0 54 00 45 00 5F 00 4C 00 49 00 53 00 54 00 00 000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00120 20 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00130 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF + + + filenametypedisplay rulecollation ruleflagsminimum sizemaximum sizefilenametypedisplay rulecollation ruleflagsminimum sizemaximum size + + Entry + + By: Jared AtkinsonTemplate by: Ange Albertini + + $STANDARD_INFORMATION0x100x000x00 - binary0x40 - always resident0x300x48$ATTRIBUTE_LIST0x200x000x00 - binary0x80 - can be non-resident0x00 - no min0xFFFFFFFFFFFFFFFF - no max + + Fields + + Values + + + Entry + $STANDARD_INFORMATION 0x10 0x30 0x48$ATTRIBUTE_LIST 0x20 No Min No Max$FILE_NAME 0x30 0x44 0x242$OBJECT_ID 0x40 No Min 0x100$SECURITY_DESCRIPTOR 0x50 No Min No Max$VOLUME_NAME 0x60 0x02 0x100$VOLUME_INFORMATION 0x70 0x0C 0x0C$DATA 0x80 No Min No Max$INDEX_ROOT 0x90 No Min No Max$INDEX_ALLOCATION 0xA0 No Min No Max$BITMAP 0xB0 No Min No Max$REPARSE_POINT 0xC0 No Min 0x4000$EA_INFORMATION 0xD0 0x08 0x08$EA 0xE0 No Min 0x10000$LOGGED_UTILITY_STREAM 0xF0 No Min 0x10000 + Attribute Name + Type + Min Size + MAX Size + + + + diff --git a/7_$Boot (Volume Boot Record)/VBR.png b/$Boot (Volume Boot Record)/VBR.png similarity index 100% rename from 7_$Boot (Volume Boot Record)/VBR.png rename to $Boot (Volume Boot Record)/VBR.png diff --git a/7_$Boot (Volume Boot Record)/VolumeBootRecord101.svg b/$Boot (Volume Boot Record)/VolumeBootRecord101.svg similarity index 100% rename from 7_$Boot (Volume Boot Record)/VolumeBootRecord101.svg rename to $Boot (Volume Boot Record)/VolumeBootRecord101.svg diff --git a/11_$Extend/$UsnJrnl/$UsnJrnl_$J.png b/$Extend/$UsnJrnl/$UsnJrnl_$J.png similarity index 100% rename from 11_$Extend/$UsnJrnl/$UsnJrnl_$J.png rename to $Extend/$UsnJrnl/$UsnJrnl_$J.png diff --git a/11_$Extend/$UsnJrnl/$UsnJrnl_$J.svg b/$Extend/$UsnJrnl/$UsnJrnl_$J.svg similarity index 100% rename from 11_$Extend/$UsnJrnl/$UsnJrnl_$J.svg rename to $Extend/$UsnJrnl/$UsnJrnl_$J.svg diff --git a/11_$Extend/$UsnJrnl/$UsnJrnl_$Max.png b/$Extend/$UsnJrnl/$UsnJrnl_$Max.png similarity index 100% rename from 11_$Extend/$UsnJrnl/$UsnJrnl_$Max.png rename to $Extend/$UsnJrnl/$UsnJrnl_$Max.png diff --git a/11_$Extend/$UsnJrnl/$UsnJrnl_$Max.svg b/$Extend/$UsnJrnl/$UsnJrnl_$Max.svg similarity index 100% rename from 11_$Extend/$UsnJrnl/$UsnJrnl_$Max.svg rename to $Extend/$UsnJrnl/$UsnJrnl_$Max.svg diff --git a/0_Master File Table Record/MFT Attributes/0x10_$STANDARD_INFORMATION/$STANDARDINFORMATION.svg b/$MFT/Attributes/0x10_$STANDARD_INFORMATION/$STANDARDINFORMATION.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x10_$STANDARD_INFORMATION/$STANDARDINFORMATION.svg rename to $MFT/Attributes/0x10_$STANDARD_INFORMATION/$STANDARDINFORMATION.svg diff --git a/0_Master File Table Record/MFT Attributes/0x10_$STANDARD_INFORMATION/$STANDARD_INFORMATION.png b/$MFT/Attributes/0x10_$STANDARD_INFORMATION/$STANDARD_INFORMATION.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x10_$STANDARD_INFORMATION/$STANDARD_INFORMATION.png rename to $MFT/Attributes/0x10_$STANDARD_INFORMATION/$STANDARD_INFORMATION.png diff --git a/0_Master File Table Record/MFT Attributes/0x30_$FILE_NAME/$FILENAME.svg b/$MFT/Attributes/0x30_$FILE_NAME/$FILENAME.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x30_$FILE_NAME/$FILENAME.svg rename to $MFT/Attributes/0x30_$FILE_NAME/$FILENAME.svg diff --git a/0_Master File Table Record/MFT Attributes/0x30_$FILE_NAME/$FILE_NAME.png b/$MFT/Attributes/0x30_$FILE_NAME/$FILE_NAME.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x30_$FILE_NAME/$FILE_NAME.png rename to $MFT/Attributes/0x30_$FILE_NAME/$FILE_NAME.png diff --git a/0_Master File Table Record/MFT Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.png b/$MFT/Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.png rename to $MFT/Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.png diff --git a/0_Master File Table Record/MFT Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.svg b/$MFT/Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.svg rename to $MFT/Attributes/0x60_$VOLUME_NAME/$VOLUME_NAME.svg diff --git a/0_Master File Table Record/MFT Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.png b/$MFT/Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.png rename to $MFT/Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.png diff --git a/0_Master File Table Record/MFT Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.svg b/$MFT/Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.svg rename to $MFT/Attributes/0x70_$VOLUME_INFORMATION/$VOLUME_INFORMATION.svg diff --git a/0_Master File Table Record/MFT Attributes/0x80_$DATA/$DATA.png b/$MFT/Attributes/0x80_$DATA/$DATA.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x80_$DATA/$DATA.png rename to $MFT/Attributes/0x80_$DATA/$DATA.png diff --git a/0_Master File Table Record/MFT Attributes/0x80_$DATA/$DATA.svg b/$MFT/Attributes/0x80_$DATA/$DATA.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x80_$DATA/$DATA.svg rename to $MFT/Attributes/0x80_$DATA/$DATA.svg diff --git a/0_Master File Table Record/MFT Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.png b/$MFT/Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.png rename to $MFT/Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.png diff --git a/0_Master File Table Record/MFT Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.svg b/$MFT/Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.svg rename to $MFT/Attributes/0x90_$INDEX_ROOT/$INDEX_ROOT.svg diff --git a/0_Master File Table Record/MFT Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.png b/$MFT/Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.png rename to $MFT/Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.png diff --git a/0_Master File Table Record/MFT Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.svg b/$MFT/Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.svg rename to $MFT/Attributes/0xA0_$INDEX_ALLOCATION/$INDEX_ALLOCATION.svg diff --git a/0_Master File Table Record/MFT Attributes/_NonResident/NonResident.png b/$MFT/Attributes/_NonResident/NonResident.png similarity index 100% rename from 0_Master File Table Record/MFT Attributes/_NonResident/NonResident.png rename to $MFT/Attributes/_NonResident/NonResident.png diff --git a/0_Master File Table Record/MFT Attributes/_NonResident/NonResident.svg b/$MFT/Attributes/_NonResident/NonResident.svg similarity index 100% rename from 0_Master File Table Record/MFT Attributes/_NonResident/NonResident.svg rename to $MFT/Attributes/_NonResident/NonResident.svg diff --git a/0_Master File Table Record/MFT.png b/$MFT/MFT.png similarity index 100% rename from 0_Master File Table Record/MFT.png rename to $MFT/MFT.png diff --git a/0_Master File Table Record/MasterFileTable.svg b/$MFT/MasterFileTable.svg similarity index 100% rename from 0_Master File Table Record/MasterFileTable.svg rename to $MFT/MasterFileTable.svg diff --git a/__Posters/UsnJrnl_$J.png b/__Posters/$UsnJrnl_$J.png similarity index 100% rename from __Posters/UsnJrnl_$J.png rename to __Posters/$UsnJrnl_$J.png diff --git a/__Posters/$UsnJrnl_$Max.png b/__Posters/$UsnJrnl_$Max.png new file mode 100644 index 0000000..4334e8f Binary files /dev/null and b/__Posters/$UsnJrnl_$Max.png differ diff --git a/__Posters/3_MFT.png b/__Posters/0_MFT.png similarity index 100% rename from __Posters/3_MFT.png rename to __Posters/0_MFT.png diff --git a/__Posters/4_0x10_$STANDARD_INFORMATION.png b/__Posters/0x10_$STANDARD_INFORMATION.png similarity index 100% rename from __Posters/4_0x10_$STANDARD_INFORMATION.png rename to __Posters/0x10_$STANDARD_INFORMATION.png diff --git a/__Posters/4_0x30_$FILE_NAME.png b/__Posters/0x30_$FILE_NAME.png similarity index 100% rename from __Posters/4_0x30_$FILE_NAME.png rename to __Posters/0x30_$FILE_NAME.png diff --git a/__Posters/0x60_$VOLUME_NAME.png b/__Posters/0x60_$VOLUME_NAME.png new file mode 100644 index 0000000..7fd5741 Binary files /dev/null and b/__Posters/0x60_$VOLUME_NAME.png differ diff --git a/__Posters/0x70_$VOLUME_INFORMATION.png b/__Posters/0x70_$VOLUME_INFORMATION.png new file mode 100644 index 0000000..638b6b0 Binary files /dev/null and b/__Posters/0x70_$VOLUME_INFORMATION.png differ diff --git a/__Posters/0x80_$DATA.png b/__Posters/0x80_$DATA.png new file mode 100644 index 0000000..fec6c3d Binary files /dev/null and b/__Posters/0x80_$DATA.png differ diff --git a/__Posters/0x90_$INDEX_ROOT.png b/__Posters/0x90_$INDEX_ROOT.png new file mode 100644 index 0000000..5f35973 Binary files /dev/null and b/__Posters/0x90_$INDEX_ROOT.png differ diff --git a/__Posters/0xA0_$INDEX_ALLOCATION.png b/__Posters/0xA0_$INDEX_ALLOCATION.png new file mode 100644 index 0000000..4409656 Binary files /dev/null and b/__Posters/0xA0_$INDEX_ALLOCATION.png differ diff --git a/__Posters/0xXX_NonResident.png b/__Posters/0xXX_NonResident.png new file mode 100644 index 0000000..9fb84d4 Binary files /dev/null and b/__Posters/0xXX_NonResident.png differ diff --git a/__Posters/4_$AttrDef.png b/__Posters/4_$AttrDef.png new file mode 100644 index 0000000..1881cdc Binary files /dev/null and b/__Posters/4_$AttrDef.png differ diff --git a/__Posters/2_VBR.png b/__Posters/7_$Boot(VBR).png similarity index 100% rename from __Posters/2_VBR.png rename to __Posters/7_$Boot(VBR).png diff --git a/__Posters/1B_GPT.png b/__Posters/_GPT.png similarity index 100% rename from __Posters/1B_GPT.png rename to __Posters/_GPT.png diff --git a/__Posters/1A_MBR.png b/__Posters/_MBR.png similarity index 100% rename from __Posters/1A_MBR.png rename to __Posters/_MBR.png