v2.0.0.53

• Added new logging of all $DATA changes both redo and undo operations in a new output LogFile_Mft_Data.txt.
• Display a message box upon startup if spaces are detected in program path, which is not supported.
• Expanded the main csv LogFile.csv to include new columns for lf_MftHdrSeq, lf_MftHdrLsn and lf_MftHdrFlags, as resolved trough $MFT header in InitializeFileRecordSegment and DeallocateFileRecordSegment.
• Added support for InitializeFileRecordSegment to LogFile_Mft_StandardInformation.csv.
• Expanded columns in LogFile_Mft_StandardInformation.csv to include current_operation (UpdateResidentValue or InitializeFileRecordSegment), and sequence number (applicable for InitializeFileRecordSegment).
• A roughly 10% performance improvement in the reconstruction of dataruns.
• Sql files updated according to new schema.

v2.0.0.52

Changed output structure for UpdateFileNameAllocation in LogFile_UpdateFileName_I30.csv.
New output for UpdateResidentValue for STANDARD_INFORMATION, as LogFile_Mft_StandardInformation.csv.
Fixed several bugs in the handling of partial STANDARD_INFORMATION updates.
Fixed bugs relating to older NT style records.

v2.0.0.51

Improved support for decoding of single index entry updates for $Secure:$SDH and $Secure:$SII.
Improved support for decoding of single index entry updates (both redo and undo) for $Reparse:$R and $ObjId:$O.
Fixed a bug that could cause an app crash with partial security data from $Secure:$SDS.
Fixed a bug that could cause an infinite loop with partial security data from $Secure:$SDS.
Improved error handling in $UsnJrnl records parsing which eliminates some corrupt entries and improves detection of "filling to page boundary" entries.
Improved error handling in $Secure:$SDS handling which eliminates some corrupt entries and leading to more accurate debug logs as well as some minor improvements to accuracy in LogFile.csv.
Fixed incorrect references in lf_TextInformation form LogFile_UndoWipe_INDX_I30.csv to LogFile_INDX_I30.csv.
Minor improvement to filename association.
Improved performance yielding roughly a 20% decrease in processing time.
Improved decoding of DeleteAttribute through better handling of CreateAttribute in the undo operation.
Fixed a small bug in the handling of INDEX_ROOT attributes with type $I30.
Added support for dumping of previous $DATA with DeleteAttribute operations and resident content.

v2.0.0.50

Performance improvements cutting the processing time in half.
Several minor bugfixes related to the sqlite handling.
Relocated libraries into Lib folder.
Updated sqlite binaries to latest 3.42.
Bugfixes related to UpdateFileName
Updates to reparse tags.
Improvements in the attribute identification and association.
Extended the indx i30 schema to incorporate EaSize.
Various improvements in name association.
Better $I30 handling.

v2.0.0.49

Changed license to MIT.
Fixed GUI bug.
Updated schema for mft to be compatible with latest mft2csv.
Now compiled with current autoit 3.3.16.1.
Verified and included updated sqlite binaries v 3.40.0.0.