Get file offset on disk/cluster number

Posted 2019-01-20 12:01

I need to get any information about where the file is physically located on the NTFS disk. Absolute offset, cluster ID... anything. I need to scan the disk twice: once to get allocated files, and one more time when I'll need to open the partition directly in RAW mode and try to find the rest of the data (from deleted files). I need a way to understand that the data I found is the same as the data I've already handled previously as a file. As I'm scanning the disk in raw mode, the offset of the data I found can be somehow converted to the offset of the file (having information about disk geometry). Is there any way to do this? Other solutions are accepted as well. Now I'm playing with FSCTL_GET_NTFS_FILE_RECORD, but can't make it work at the moment and I'm not really sure it will help.

UPDATE

I found the following function: http://msdn.microsoft.com/en-us/library/windows/desktop/aa364952(v=vs.85).aspx It returns a structure that contains the nFileIndexHigh and nFileIndexLow variables. The documentation says:

The identifier that is stored in the nFileIndexHigh and nFileIndexLow members is called the file ID. Support for file IDs is file system-specific. File IDs are not guaranteed to be unique over time, because file systems are free to reuse them. In some cases, the file ID for a file can change over time.

I don't really understand what this is. I can't connect it to the physical location of the file. Is it possible later to extract this file ID from the MFT?

UPDATE

Found this: This identifier and the volume serial number uniquely identify a file. This number can change when the system is restarted or when the file is opened.

This doesn't satisfy my requirements, because I'm going to open the file and the fact that the ID might change doesn't make me happy.

Any ideas?

1 answer
孤傲高冷的网名
#2 · 2019-01-20 12:42

Use the Defragmentation IOCTLs. For example, FSCTL_GET_RETRIEVAL_POINTERS will tell you the extents which contain file data.
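
Added example, not part of the original answer: once FSCTL_GET_RETRIEVAL_POINTERS has returned a file's extents, mapping between a file offset and a raw volume offset (in both directions) is plain arithmetic over the VCN-to-LCN runs, shown here in portable C. The `extent_t` struct is a simplified stand-in for the entries of `RETRIEVAL_POINTERS_BUFFER.Extents[]`; the extent values, the starting VCN of 0 and the 4096-byte cluster size are constructed assumptions, and on NTFS the volume byte offset is the LCN multiplied by the volume's real cluster size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for one entry of RETRIEVAL_POINTERS_BUFFER.Extents[]: the run covers
   VCNs [end of previous run, next_vcn) and starts at volume cluster lcn. */
typedef struct { int64_t next_vcn; int64_t lcn; } extent_t;

/* Constructed sample: 4 clusters at LCN 1000, a 2-cluster hole, 4 clusters at LCN 250. */
static const extent_t SAMPLE[] = { {4, 1000}, {6, -1}, {10, 250} };
enum { SAMPLE_COUNT = 3, CLUSTER_SIZE = 4096 };   /* assumed bytes per cluster */

/* File byte offset -> volume byte offset; -1 if past the map or inside a hole. */
int64_t file_to_volume(const extent_t *ext, size_t n, int64_t start_vcn,
                       int64_t cluster, int64_t file_off)
{
    int64_t vcn = file_off / cluster, first = start_vcn;
    for (size_t i = 0; i < n; i++) {
        if (vcn >= first && vcn < ext[i].next_vcn) {
            if (ext[i].lcn < 0) return -1;   /* LCN -1: sparse or compressed run, nothing on disk */
            return (ext[i].lcn + (vcn - first)) * cluster + file_off % cluster;
        }
        first = ext[i].next_vcn;
    }
    return -1;
}

/* Volume byte offset -> file byte offset; -1 if that cluster is not in this file. */
int64_t volume_to_file(const extent_t *ext, size_t n, int64_t start_vcn,
                       int64_t cluster, int64_t vol_off)
{
    int64_t lcn = vol_off / cluster, first = start_vcn;
    for (size_t i = 0; i < n; i++) {
        int64_t len = ext[i].next_vcn - first;
        if (ext[i].lcn >= 0 && lcn >= ext[i].lcn && lcn < ext[i].lcn + len)
            return (first + (lcn - ext[i].lcn)) * cluster + vol_off % cluster;
        first = ext[i].next_vcn;
    }
    return -1;
}

int main(void)
{
    /* A raw-scan hit at volume offset 1028101 belongs to this file at offset 28677. */
    printf("%lld\n", (long long)volume_to_file(SAMPLE, SAMPLE_COUNT, 0, CLUSTER_SIZE, 1028101));
    printf("%lld\n", (long long)file_to_volume(SAMPLE, SAMPLE_COUNT, 0, CLUSTER_SIZE, 12388));
    return 0;
}
```

Recording the extents of every allocated file during the first pass lets the raw pass skip any cluster for which `volume_to_file` returns a non-negative offset for some file.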
