Can anyone recommend a tool for MFT cleanup? I want to restore the entries in my MFT for files which once existed but have been deleted to a "pristine" state, with zeroed-out entries.
This paper by Hal Berghel and David Hoelzer lists a whole bunch of products which claim to securely erase files. MFT cleaning is a feature of some of them. The paper concludes that only one product, Evidence Eliminator, actually does clean up the MFT properly.
PGP Corp responds here to criticism of its own product, PGP Shred. Apparently it has an advanced option, "Wipe NTFS Internal Data Structures", which will clean the MFT, although this option is not enabled by default.
I've used PGP Shred myself so to some extent I can recommend it, but I confess I've never checked whether the MFT wiping feature actually works as described.
Clearly vendors sometimes overstate the abilities of their software, so your mileage may vary. If it's really important to you that the MFT entries are properly wiped, you may want to run disk forensics tools over your disk post-wipe - some ideas on how to do this are in the Berghel and Hoelzer paper.
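One way to do the post-wipe check suggested above, as an added example that is not part of the original answer or taken from the paper: scan an exported copy of `$MFT` for records that are marked free but still carry a readable `$FILE_NAME` attribute. It assumes 1024-byte records and does not apply update-sequence fixups; `audit_mft`, `residual_names`, `make_record` and `SAMPLE` are hypothetical names, and the sample records are constructed.

```python
import struct

RECORD_SIZE = 1024   # assumption: the common MFT record size
IN_USE = 0x0001      # header flag at 0x16: record belongs to a live file
FILE_NAME = 0x30     # attribute type of $FILE_NAME
END = 0xFFFFFFFF     # attribute list terminator

def residual_names(rec):
    """Return file names still readable in one MFT record."""
    names = []
    off = struct.unpack_from("<H", rec, 0x14)[0]       # first attribute offset
    while 0 < off <= len(rec) - 24:
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == END or alen < 24 or off + alen > len(rec):
            break
        if atype == FILE_NAME and rec[off + 8] == 0:   # resident attribute
            coff = off + struct.unpack_from("<H", rec, off + 0x14)[0]
            if coff + 0x42 > len(rec):
                break
            nchars = rec[coff + 0x40]                  # length in UTF-16 units
            raw = rec[coff + 0x42:coff + 0x42 + 2 * nchars]
            names.append(raw.decode("utf-16-le", "replace"))
        off += alen
    return names

def audit_mft(data):
    """Return (record number, names) for free records that are not zeroed."""
    findings = []
    for n in range(len(data) // RECORD_SIZE):
        rec = data[n * RECORD_SIZE:(n + 1) * RECORD_SIZE]
        if not any(rec) or rec[:4] != b"FILE":
            continue                                   # zeroed or not a record
        if struct.unpack_from("<H", rec, 0x16)[0] & IN_USE:
            continue                                   # live file, not a leftover
        findings.append((n, residual_names(rec)))
    return findings

def make_record(name, in_use):
    """Constructed sample record holding one resident $FILE_NAME attribute."""
    body = bytes(0x40) + bytes([len(name), 1]) + name.encode("utf-16-le")
    body += bytes(-len(body) % 8)                      # pad to 8-byte boundary
    attr = struct.pack("<IIBBHHHIHH", FILE_NAME, 24 + len(body),
                       0, 0, 0, 0, 0, len(body), 24, 0) + body
    hdr = bytearray(b"FILE".ljust(0x38, b"\0"))
    struct.pack_into("<HH", hdr, 0x14, 0x38, IN_USE if in_use else 0)
    return (bytes(hdr) + attr + struct.pack("<I", END)).ljust(RECORD_SIZE, b"\0")

SAMPLE = (make_record("live.txt", True) + bytes(RECORD_SIZE)
          + make_record("secret.docx", False))         # constructed, not real data
```

Pass `audit_mft` the bytes of a `$MFT` file exported with a forensic tool; any entry it returns is a deleted file's record that the wipe left behind, and an empty name list means the record header survived without a recoverable name.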