How to find out the original directory from the number in CHKDSK logs?

xio

New Member
From a log file in "C:\System Volume Information\Chkdsk\":
Deleted invalid filename Screenshot - 10112018 - 00:02:18 PM.png (793220) in directory 464.

I understand why the file name was recognized as invalid, due to the colons, which are unsupported by Windows. Looks like the screenshot was made on PartedMagic. But how to find out the actual path of directory 464?
 

Neemobeer

Principal Cybersecurity Architect
Staff member
You can try using the fsutil.
fsutil file queryFileNameByID C:\ <fileindex>

The fileindex needs to be in hex and 16 bytes long
Like 0x00112233445566778899aabbccddeeff

793220 is the decimal file index
 
Top