Update README.md

kacos2000 · Jul 25, 2021 · 8f68aca · 8f68aca
1 parent a32cf03
commit 8f68aca
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -10,13 +10,16 @@
 - Clicking on any detail of the record, shows the source of the detail in the Hex view grid.
 - All timestamps are in UTC
 
-Note: Recreating the directory tree from large MFT files might take a lot of time, *(possibly hour(s))*, as it needs to map each child record to it's parent node, and as the structure grows, the time needed grows exponentially. E.g.:
+### Note:
+You'll need a previously extracted $MFT or $MFTMirr file by another tool *(eg. [FTK Imager](https://accessdata.com/product-download)  or [Export-MFT.ps1](https://gist.github.com/secabstraction/4044f4aadd3ef21f0ca9))*
 
-   ![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m0.JPG)![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m2.JPG)![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m1.JPG)
-
-[How to view a single record from a large MFT file](https://github.com/kacos2000/MFT_Browser/blob/master/How%20to%20view%20a%20single%20record%20from%20a%20large%20MFT%20file.pdf)
+Recreating the directory tree from large MFT files might take a lot of time, *(possibly hour(s))*, as it needs to map each child record to it's parent node, and as the structure grows, the time needed grows exponentially.
 
-A few small test $MFT files to play with can be found [here](https://github.com/EricZimmerman/MFT/tree/3bed2626ee85e9a96a6db70a17407d0c3696056a/MFT.Test/TestFiles) and [here](https://github.com/msuhanov/dfir_ntfs/tree/master/test_data)
+<!--    ![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m0.JPG)![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m2.JPG)![](https://raw.githubusercontent.com/kacos2000/MFT_Browser/master/I/m1.JPG)
+ -->  
+- [How to view a single record from a large MFT file](https://github.com/kacos2000/MFT_Browser/blob/master/How%20to%20view%20a%20single%20record%20from%20a%20large%20MFT%20file.pdf)<br>
+- [Reparse point examples (pdf)](https://github.com/kacos2000/MFT_Browser/raw/master/reparse%20point%20examples.pdf)<br>
+- Small test $MFT files to play with, can be found [here](https://github.com/EricZimmerman/MFT/tree/3bed2626ee85e9a96a6db70a17407d0c3696056a/MFT.Test/TestFiles) and [here](https://github.com/msuhanov/dfir_ntfs/tree/master/test_data)
 
 *Based on [$MFT Record Viewer](https://github.com/kacos2000/MFT_Record_Viewer)*<br>