Skip to content
/ UsnParser Public

A command utility to read and monitor the NTFS/ReFS USN change Journal.

License

MIT license
13 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wangfu91/UsnParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
UsnParser
UsnParser
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
UsnParser.sln
UsnParser.sln
 
 
publish.ps1
publish.ps1
 
 

Repository files navigation

NTFS USN Parser

A command utility for NTFS to search the MFT & monitoring the changes of USN Journal.

Usage

NTFS USN Journal parser 0.1.3

A command utility for NTFS to search the MFT & monitoring the changes of USN Journal.

Usage: UsnParser [command] [options]

Options:
  --version  Show version information.
  -h|--help  Show help information.

Commands:
  monitor    Monitor real-time USN journal changes
  read       Read history USN journal entries
  search     Search the Master File Table

Run 'UsnParser [command] -h|--help' for more information about a command.

Example

# Search Master File Table of volume C, print out all paths who's file name is "Readme.md"
UsnParser search C: Readme.md 
# Print out all the USN records of file "Readme.md" in volume C.
UsnParser read C: -f Readme.md 
# Monitor realtime USN reacords of volume C.
UsnParser monitor C: 
# Monitor realtime USN reacords of volume C, only print out txt files whose name starts with "abc".
UsnParser monitor C: -f abc*.txt

Dependencies

About

A command utility to read and monitor the NTFS/ReFS USN change Journal.

Topics

ntfs refs usn change-journal fs-monitoring

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 6

Release-v0.2.0 Latest
Nov 15, 2023
+ 5 releases

Languages