Enable ntfs_forensics to differentiate between renamed & deleted files

[mike-myers-tob]

Differentiating between entries from renamed files and entries from deleted files in ntfs_indx_data table:

since directory indices are filename-based, renaming a file will in effect cause the old entry to be marked as inactive, and create a new entry in the index. Differentiating a renamed file from a deleted one will require additional analysis.

It might take some studying to know whether it can be done. If it's just not feasible, then it could be addressed as a note in the extension's README.