Skip to content
/ UsnParser Public

A command utility to read and monitor the NTFS/ReFS USN change Journal.

License

MIT license
13 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wangfu91/UsnParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
UsnParser
UsnParser
 
 
.gitignore
.gitignore
 
 
Publish.ps1
Publish.ps1
 
 
README.md
README.md
 
 
UsnParser.sln
UsnParser.sln
 
 

Repository files navigation

NTFS USN Parser

A command utility to monitor and filter NTFS USN Journals.

Usage

NTFS USN Journal parser 0.1.1

A command utility to monitor and filter NTFS USN Journals.

Usage: UsnParser [options] <Volume>

Arguments:
  Volume          Volume pathname. <Required>

Options:
  --version       Show version information
  -?|-h|--help    Show help information
  -m|--monitor    Monitor real-time USN journal
  -s|--search     Search NTFS Master File Table
  -f|--filter     Filter USN journal by entry name
  -fo|--FileOnly  Get only the file entries
  -do|--DirOnly   Get only the directory entries

Example

# Search Master File Table of volume C, print out all paths who's file name is "Readme.md"
UsnParser -s -f "Readme.md" C: 
# Print out all the USN records of file "Readme.md" in volume C.
UsnParser -f "Readme.md" C: 
# Monitor realtime USN reacords of volume C.
UsnParser -m C: 
# Monitor realtime USN reacords of volume C, only print out txt files whose name starts with "abc".
UsnParser -r C: -f abc*.txt

Dependencies

About

A command utility to read and monitor the NTFS/ReFS USN change Journal.

Topics

ntfs refs usn change-journal fs-monitoring

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 6

Release-v0.2.0 Latest
Nov 15, 2023
+ 5 releases

Languages