@@ -234,17 +234,24 @@ def _generator(self):
234234 )
235235
236236 def generate_timeline (self ):
237- for row in self ._generator ():
238- _depth , row_data = row
239-
240- # Only Output FN Records
241- if row_data [6 ] in ("FILE_NAME" , "STANDARD_INFORMATION" ):
242- filename = row_data [- 1 ]
243- description = f"MFT { row_data [6 ]} { filename }
244- yield (description , timeliner .TimeLinerType .CREATED , row_data [7 ])
245- yield (description , timeliner .TimeLinerType .MODIFIED , row_data [8 ])
246- yield (description , timeliner .TimeLinerType .CHANGED , row_data [9 ])
247- yield (description , timeliner .TimeLinerType .ACCESSED , row_data [10 ])
237+ for record in self .enumerate_mft_records (
238+ self .context , self .config_path , self .config ["primary" ]
239+ ):
240+ fname = record .longest_filename ()
241+
242+ for _ , item in self .parse_standard_information_records (record ):
243+ description = f"MFT { item .attribute_type } { fname }
244+ yield (description , timeliner .TimeLinerType .CREATED , item .created )
245+ yield (description , timeliner .TimeLinerType .MODIFIED , item .modified )
246+ yield (description , timeliner .TimeLinerType .CHANGED , item .updated )
247+ yield (description , timeliner .TimeLinerType .ACCESSED , item .accessed )
248+
249+ for _ , item in self .parse_filename_records (record ):
250+ description = f"MFT { item .attribute_type } { item .filename }
251+ yield (description , timeliner .TimeLinerType .CREATED , item .created )
252+ yield (description , timeliner .TimeLinerType .MODIFIED , item .modified )
253+ yield (description , timeliner .TimeLinerType .CHANGED , item .updated )
254+ yield (description , timeliner .TimeLinerType .ACCESSED , item .accessed )
248255
249256 def run (self ):
250257 return renderers .TreeGrid (
0 commit comments