metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#deleted_files

Recieve the MFT data runs and list/save the deleted files
Useful cheat_sheet to understand the MFT structure:  http://www.writeblocked.org/resources/ntfs_cheat_sheets.pdf
Recap of each of the attributes: http://runenordvik.com/doc/MFT-table.pdf

Source | Google | Stack overflow

Edit

git clone [email protected]:rapid7/metasploit-framework.git

cd metasploit-framework

open modules/post/windows/gather/forensics/recovery_files.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-MetasploitModule-deleted_files-for-pr

# Commit to git

git add modules/post/windows/gather/forensics/recovery_files.rbgit commit -m "better docs for MetasploitModule#deleted_files"

# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-MetasploitModule-deleted_files-for-pr

hub pull-request

# Celebrate!