Learn about the types of evidence in the file timeline category that the Incident Response Evidence Collection playbook, Collect Evidence task, and Trend Micro Incident Response Toolkit collect.

| Evidence Data | Description |
| --- | --- |
| Creation time ($FN) | The time and date the file was created, according to the NTFS $FILE_NAME attribute. |
| Path | The absolute path of the file. |
| Modification time ($FN) | The time and date the file was last modified, according to the NTFS $FILE_NAME attribute. |
| Access time ($FN) | The time and date the file was last accessed, according to the NTFS $FILE_NAME attribute. |
| Record time ($FN) | The time and date the file's MFT entry was last modified, according to the NTFS $FILE_NAME attribute (often reflects metadata changes). |
| Directory | The directory in which the file is located. |
| Filename | The name portion of the file path. |
| Inode | The number of the file system index node (often referred to as the MFT Record Number in NTFS). |
| File ID | The unique identifier value assigned to the file within the file system. |
| UID | The User ID (UID) of the file's owner. |
| Attributes | A string or set of flags defining the file's attributes (for example, Read-only, Hidden, System). |
| Symlink | An indication of whether the file path is a symbolic link. |
| Type | The type of the file entry (for example, regular file, directory, symbolic link). |
| Creation time ($STD) | The time and date the file was created, according to the NTFS $STANDARD_INFORMATION attribute. |
| Modification time ($STD) | The time and date the file was last modified, according to the NTFS $STANDARD_INFORMATION attribute. |
| Access time ($STD) | The time and date the file was last accessed, according to the NTFS $STANDARD_INFORMATION attribute. |
| MFT Change time ($STD) | The time and date the file's MFT entry was last modified, according to the NTFS $STANDARD_INFORMATION attribute. |
| Hard links | The number of hard links pointing to the file. |
| File version | The version number associated with the file, if available (often relevant for executables or libraries). |
| Size | The size of the file, typically measured in bytes. |
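The table collects both the $FILE_NAME ($FN) and $STANDARD_INFORMATION ($STD) timestamps because an analyst compares them: $STD values can be changed through ordinary file APIs, while $FN values normally cannot. The following is an added example, not part of this page or the toolkit, that runs that comparison over constructed timeline records using the field names from the table; the record layout and the two heuristics are assumptions, and a hit is a lead to corroborate with other evidence, not a verdict.

```python
from datetime import datetime
from typing import Dict, List, Tuple

# Timeline records constructed for this example (not real collection output).
# Keys mirror the evidence table; timestamps are UTC with NTFS 100-ns precision.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"Path": r"C:\Windows\System32\notepad.exe",
     "Creation time ($FN)": "2023-03-01T10:15:30.1234567",
     "Creation time ($STD)": "2023-03-01T10:15:30.1234567"},
    {"Path": r"C:\Users\Public\update.exe",  # constructed suspicious entry
     "Creation time ($FN)": "2024-06-12T08:02:11.5530012",
     "Creation time ($STD)": "2019-01-01T00:00:00.0000000"},
]


def parse_ntfs_time(value: str) -> Tuple[datetime, int]:
    """Split an NTFS-precision timestamp into whole seconds and 100-ns ticks.

    datetime only carries microseconds, so the 7-digit fraction is kept
    separately (zero-padded to 7 digits when the source has fewer).
    """
    base, _, frac = value.partition(".")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S"), int(frac.ljust(7, "0"))


def timestamp_anomalies(record: Dict[str, str]) -> List[str]:
    """Return heuristic findings where $STD creation time disagrees with $FN."""
    std_dt, std_ticks = parse_ntfs_time(record["Creation time ($STD)"])
    fn_dt, fn_ticks = parse_ntfs_time(record["Creation time ($FN)"])
    findings: List[str] = []
    # $FN creation is normally not later than $STD creation, so a $STD value
    # that predates $FN is a common indicator of an altered $STD timestamp.
    if (std_dt, std_ticks) < (fn_dt, fn_ticks):
        findings.append("std_created_before_fn")
    # APIs that set timestamps at second granularity leave a zeroed fraction,
    # while the untouched $FN value keeps its original sub-second ticks.
    if std_ticks == 0 and fn_ticks != 0:
        findings.append("std_subsecond_zeroed")
    return findings


def review(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; clean records are omitted."""
    return {r["Path"]: f for r in records if (f := timestamp_anomalies(r))}
```

Legitimate operations (for example, some rename or move sequences and copies between volumes) can also leave the two attribute sets out of step, so cross-check hits against the MFT change time and the surrounding timeline.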