private static List <FailSuccessCount> ThreadLauncher(FileEnumeratorParameters parameters)
{
fileEnumCount = new FailSuccessCount("OS files enumerated");
databaseInsertCount = new FailSuccessCount("OS database rows updated");
directoryEnumCount = new FailSuccessCount("directories enumerated");
try
{
char driveLetter = parameters.SelectedFolder[0];
Queue <string> folders = new Queue <string>(new string[] { parameters.SelectedFolder });
while (folders.Count > 0)
{
parameters.CancelToken.ThrowIfCancellationRequested();
string currentDirectory = folders.Dequeue();
// Get all _FILES_ inside folder
IEnumerable <FileProperties> properties = EnumerateFileProperties(parameters, driveLetter, currentDirectory);
foreach (FileProperties prop in properties)
{
parameters.CancelToken.ThrowIfCancellationRequested();
// INSERT file properties into _DATABASE_
bool insertResult = FilePropertiesAccessLayer.InsertFileProperties(prop);
if (insertResult)
{
databaseInsertCount.IncrementSucceededCount();
}
else
{
databaseInsertCount.IncrementFailedCount();
parameters.CancelToken.ThrowIfCancellationRequested();
continue;
}
parameters.CancelToken.ThrowIfCancellationRequested();
}
// Get all _FOLDERS_ at this depth inside this folder
IEnumerable <NtfsDirectory> nestedDirectories = MftHelper.GetDirectories(driveLetter, currentDirectory);
foreach (NtfsDirectory directory in nestedDirectories)
{
parameters.CancelToken.ThrowIfCancellationRequested();
string dirPath = Path.Combine(currentDirectory, directory.Name);
folders.Enqueue(dirPath);
directoryEnumCount.IncrementSucceededCount();
parameters.CancelToken.ThrowIfCancellationRequested();
}
}
}
catch (OperationCanceledException)
{ }
return(new List <FailSuccessCount> {
fileEnumCount, databaseInsertCount, directoryEnumCount
});
}
public static IEnumerable <FileProperties> EnumerateFileProperties(FileEnumeratorParameters parameters, char driveLetter, string currentDirectory)
{
foreach (NtfsFile file in MftHelper.EnumerateFiles(driveLetter, currentDirectory))
{
parameters.CancelToken.ThrowIfCancellationRequested();
// File _PATTERN MATCHING_
if (FileMatchesPattern(file, parameters.SearchPatterns))
{
string message = $"MFT File: {Path.Combine(currentDirectory, file.Name)}";
if (parameters.LogOutputFunction != null)
{
parameters.LogOutputFunction.Invoke(message);
}
if (parameters.ReportOutputFunction != null)
{
parameters.ReportOutputFunction.Invoke(message);
}
fileEnumCount.IncrementSucceededCount();
parameters.CancelToken.ThrowIfCancellationRequested();
FileProperties prop = new FileProperties();
prop.PopulateFileProperties(parameters, driveLetter, file);
parameters.CancelToken.ThrowIfCancellationRequested();
yield return(prop);
}
else
{
fileEnumCount.IncrementFailedCount();
parameters.CancelToken.ThrowIfCancellationRequested();
}
}
yield break;
}
private static FileEnumeratorReport Worker(FileEnumeratorParameters parameters)
{
TimingMetrics timingMetrics = new TimingMetrics();
FailSuccessCount fileEnumCount = new FailSuccessCount("OS files enumerated");
FailSuccessCount databaseInsertCount = new FailSuccessCount("OS database rows updated");
try
{
parameters.CancelToken.ThrowIfCancellationRequested();
StringBuilder currentPath = new StringBuilder(parameters.SelectedFolder);
string lastParent = currentPath.ToString();
string temp = currentPath.ToString();
if (temp.Contains(':') && (temp.Length == 2 || temp.Length == 3)) // Is a root directory, i.e. "C:" or "C:\"
{
lastParent = ".";
}
string drive = parameters.SelectedFolder[0].ToString().ToUpper();
timingMetrics.Start(TimingMetric.ParsingMFT);
List <DriveInfo> ntfsDrives = DriveInfo.GetDrives().Where(d => d.IsReady && d.DriveFormat == "NTFS").ToList();
DriveInfo driveToAnalyze = ntfsDrives.Where(dr => dr.Name.ToUpper().Contains(drive)).Single();
NtfsReader ntfsReader = new NtfsReader(driveToAnalyze, RetrieveMode.All);
IEnumerable <INode> mftNodes =
ntfsReader.GetNodes(driveToAnalyze.Name)
.Where(node => (node.Attributes &
(NtfsNodeAttributes.Device
| NtfsNodeAttributes.Directory
| NtfsNodeAttributes.ReparsePoint
| NtfsNodeAttributes.SparseFile
)) == 0) // This means that we DONT want any matches of the above NtfsNodeAttributes type
.Where(node => FileMatchesPattern(node.FullName, parameters.SearchPatterns));
//.OrderByDescending(n => n.Size);
if (parameters.SelectedFolder.ToCharArray().Length > 3)
{
string selectedFolderUppercase = parameters.SelectedFolder.ToUpperInvariant().TrimEnd(new char[] { '\\' });
mftNodes = mftNodes.Where(node => node.FullName.ToUpperInvariant().Contains(selectedFolderUppercase));
}
timingMetrics.Stop(TimingMetric.ParsingMFT);
IDataPersistenceLayer dataPersistenceLayer = parameters.DataPersistenceLayer;
foreach (INode node in mftNodes)
{
string message = $"MFT#: {node.MFTRecordNumber.ToString().PadRight(7)} Seq.#: {node.SequenceNumber.ToString().PadRight(4)} Path: {node.FullName}";
parameters.ReportAndLogOutputFunction.Invoke(message);
fileEnumCount.IncrementSucceededCount();
FileProperties prop = new FileProperties();
prop.PopulateFileProperties(parameters, parameters.SelectedFolder[0], node, timingMetrics);
// INSERT file properties into _DATABASE_
timingMetrics.Start(TimingMetric.PersistingFileProperties);
bool insertResult = dataPersistenceLayer.PersistFileProperties(prop);
if (insertResult)
{
databaseInsertCount.IncrementSucceededCount();
}
else
{
databaseInsertCount.IncrementFailedCount();
}
timingMetrics.Stop(TimingMetric.PersistingFileProperties);
parameters.CancelToken.ThrowIfCancellationRequested();
}
dataPersistenceLayer.Dispose();
FileProperties.CleanUp();
}
catch (OperationCanceledException)
{ }
return(new FileEnumeratorReport(new List <FailSuccessCount> {
fileEnumCount, databaseInsertCount
}, timingMetrics));
}
private static List <FailSuccessCount> Worker(FileEnumeratorParameters parameters)
{
fileEnumCount = new FailSuccessCount("OS files enumerated");
databaseInsertCount = new FailSuccessCount("OS database rows updated");
directoryEnumCount = new FailSuccessCount("directories enumerated");
try
{
parameters.CancelToken.ThrowIfCancellationRequested();
StringBuilder currentPath = new StringBuilder(parameters.SelectedFolder);
string lastParent = currentPath.ToString();
string temp = currentPath.ToString();
if (temp.Contains(':') && (temp.Length == 2 || temp.Length == 3)) // Is a root directory, i.e. "C:" or "C:\"
{
lastParent = ".";
}
string drive = parameters.SelectedFolder[0].ToString();
List <DriveInfo> ntfsDrives = DriveInfo.GetDrives().Where(d => d.DriveFormat == "NTFS").ToList();
DriveInfo driveToAnalyze = ntfsDrives.Where(dr => dr.Name.ToUpper().Contains(drive.ToUpper())).Single();
IEnumerable <INode> mftNodes = MftHelper.EnumerateMft(driveToAnalyze);
if (parameters.SelectedFolder.ToCharArray().Length > 3)
{
string selectedFolderUppercase = parameters.SelectedFolder.ToUpperInvariant().TrimEnd(new char[] { '\\' });
mftNodes = mftNodes.Where(node => node.FullName.ToUpperInvariant().Contains(selectedFolderUppercase));
}
foreach (INode node in mftNodes)
{
// File _PATTERN MATCHING_
if (FileMatchesPattern(node.FullName, parameters.SearchPatterns))
{
string message = $"MFT#: {node.MFTRecordNumber.ToString().PadRight(7)} Seq.#: {node.SequenceNumber.ToString().PadRight(4)} Path: {node.FullName}";
if (parameters.LogOutputFunction != null)
{
parameters.LogOutputFunction.Invoke(message);
}
if (parameters.ReportOutputFunction != null)
{
parameters.ReportOutputFunction.Invoke(message);
}
fileEnumCount.IncrementSucceededCount();
parameters.CancelToken.ThrowIfCancellationRequested();
FileProperties prop = new FileProperties();
prop.PopulateFileProperties(parameters, parameters.SelectedFolder[0], node);
parameters.CancelToken.ThrowIfCancellationRequested();
// INSERT file properties into _DATABASE_
bool insertResult = FilePropertiesAccessLayer.InsertFileProperties(prop);
if (insertResult)
{
databaseInsertCount.IncrementSucceededCount();
}
else
{
databaseInsertCount.IncrementFailedCount();
}
}
else
{
if (parameters.LogOutputFunction != null)
{
parameters.LogOutputFunction.Invoke($"FileMatchingPattern returned false: \"{node.FullName}\"");
}
fileEnumCount.IncrementFailedCount();
}
parameters.CancelToken.ThrowIfCancellationRequested();
}
}
catch (OperationCanceledException)
{ }
return(new List <FailSuccessCount> {
fileEnumCount, databaseInsertCount, directoryEnumCount
});
}
