Skip to content
/ UsnParser Public

A command utility to read and monitor the NTFS/ReFS USN change Journal.

License

MIT license
14 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wangfu91/UsnParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
UsnParser
UsnParser
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
UsnParser.sln
UsnParser.sln
 
 
publish.ps1
publish.ps1
 
 

Repository files navigation

Windows USN Change Journal Parser

A command utility for NTFS/ReFS to search the MFT & monitoring the changes of USN Journal.

Download

Latest version can be downloaded from the releases/latest page.

Usage

Usage: UsnParser [command] [options]

Options:
  --version  Show version information.
  -h|--help  Show help information.

Commands:
  monitor    Monitor real-time USN journal changes
  read       Read history USN journal entries
  search     Search the Master File Table

Run 'UsnParser [command] -h|--help' for more information about a command.

Example

# Search through Master File Table of volume D, print out all the files who's extension is ".xlsx".
UsnParser search D: -f *.xlsx
# Print out the change history for file "Report.docx" in the USN journal of volume D.
UsnParser read D: -f Report.docx
# Monitor realtime USN reacords of volume C.
UsnParser monitor C: 
# Monitor realtime USN records of volume C with a filter for txt files whose name starts with "abc".
UsnParser monitor C: -f abc*.txt

Dependencies

About

A command utility to read and monitor the NTFS/ReFS USN change Journal.

Topics

ntfs refs usn change-journal fs-monitoring

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 7

Release-v0.2.1 Latest
Nov 5, 2024
+ 6 releases

Languages