NTFS $LogFile and DataRun
Note: I translated Japanese into English using Google Translate.
Thank you, Google.
Use $LogFile to check whether a cluster has been overwritten.
Two images are used for the test. These two image files are almost the same size.
Copy Dragonfly.jpg to the formatted F drive.
Check the cluster number of Dragonfly.jpg with the $DATA attribute. The FILE record number of Dragonfly.jpg is 43; its $DATA attribute is non-resident and is using cluster number 1993.
Delete Dragonfly.jpg and overwrite the FILE record. Overwriting the FILE record may not be necessary.
If you are lucky, simply creating a new file will overwrite the cluster.
Unfortunately, I tried it many times...
Copy Butterfly.jpg to the formatted F drive.
Check the cluster number of Butterfly.jpg with the $DATA attribute. The FILE record number of Butterfly.jpg is 44; its $DATA attribute is non-resident and is using cluster number 1993.
Cluster 1993 has been reassigned.
Parse $LogFile using LogFileParser.
Check the parse result LogFile.csv.
FILE record numbers 43 and 44 are displayed. The DataRun value is listed in the lf_DT_DataRuns column.
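The first byte of each DataRun (21) is a header: its low nibble (1) is the size in bytes of the length field, and its high nibble (2) is the size in bytes of the first-cluster field. Both fields are little-endian.
Dragonfly.jpg lf_DT_DataRuns
216EC90700000000
1 ⇒ 6E ⇒ length ⇒ 110
2 ⇒ C907 ⇒ First cluster number ⇒ 1993
Butterfly.jpg lf_DT_DataRuns
216FC90700000000
1 ⇒ 6F ⇒ length ⇒ 111
2 ⇒ C907 ⇒ First cluster number ⇒ 1993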
By checking "lf_DT_DataRuns" in $LogFile, we were able to confirm that the cluster was reassigned.
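The manual decoding above can be automated. The following Python sketch is an added example, not part of the original post or of LogFileParser: it decodes an lf_DT_DataRuns hex string and reports clusters shared by two files, and it goes beyond the single-run case shown here by also handling fragmented and sparse runs. The function names are hypothetical.

```python
def parse_data_runs(hex_runs):
    """Decode an NTFS data run list (hex string) into [(start_lcn, cluster_count)]."""
    data = bytes.fromhex(hex_runs)
    runs, pos, lcn = [], 0, 0
    while pos < len(data) and data[pos] != 0x00:  # a 0x00 header ends the list
        header = data[pos]
        len_size = header & 0x0F  # low nibble: bytes in the length field
        off_size = header >> 4    # high nibble: bytes in the offset field
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(data):
            raise ValueError("malformed or truncated data run")
        length = int.from_bytes(data[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            runs.append((None, length))  # sparse run: no clusters allocated
        else:
            # The offset is signed and relative to the previous run's start LCN
            lcn += int.from_bytes(data[pos:pos + off_size], "little", signed=True)
            runs.append((lcn, length))
        pos += off_size
    return runs


def shared_clusters(runs_a, runs_b):
    """Return inclusive (first, last) cluster ranges that appear in both run lists."""
    shared = []
    for a_start, a_len in runs_a:
        for b_start, b_len in runs_b:
            if a_start is None or b_start is None:
                continue  # sparse runs occupy no clusters
            first = max(a_start, b_start)
            last = min(a_start + a_len, b_start + b_len) - 1
            if first <= last:
                shared.append((first, last))
    return shared


if __name__ == "__main__":
    # DataRun values taken from the LogFile.csv rows shown on this page
    dragonfly = parse_data_runs("216EC90700000000")
    butterfly = parse_data_runs("216FC90700000000")
    print("Dragonfly.jpg:", dragonfly)
    print("Butterfly.jpg:", butterfly)
    print("Reassigned clusters:", shared_clusters(dragonfly, butterfly))
```

A non-empty result from shared_clusters for two different FILE records indicates that the clusters of the earlier file were reassigned to the later one.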
This is butterfly effe...
Verification environment: Windows 10 1083