USN-Journal-Parser Logo

USN-Journal-Parser

Python script to parse the NTFS USN Change Journal.

115
Security Operations
Free
Visit website
0

USN-Journal-Parser Description

The NTFS USN Change journal is a volume-specific log which records metadata changes to files. It is a treasure trove of information during a forensic investigation. The change journal is a named alternate data stream, located at: $Extend$UsnJrnl:$J. usn.py is a script written in Python which parses the journal's contents, and features several different output formats. Default Output With no command-line options set, usn.py will produce USN journal records in the format below: dev@computer:$ python usn.py -f usnjournal -o /tmp/usn.txt dev@computer:$ cat /tmp/usn.txt 2016-01-26 18:56:20.046268 | test.vbs | ARCHIVE | DATA_OVERWRITE DATA_EXTEND Command-Line Options optional arguments: -h, --help show this help message and exit -b, --body Return USN records in comma-separated format -c, --csv Return USN records in comma-separated format -f FILE, --file FILE Parse the given USN journal file -q, --quick Parse a large journal file quickly -s SYSTEM, --system SYSTEM System name (use with -t) -t, --tln TLN output (use with -s) -v, --verbose Return all USN properties for each record (JSON) --csv Using the CSV f

FEATURED

Proton Pass Logo

Password manager with end-to-end encryption and identity protection features

NordVPN Logo

VPN service providing encrypted internet connections and privacy protection

Mandos Fractional CISO Services Logo

Fractional CISO services for B2B companies to accelerate sales and compliance

Stay Updated with Mandos Brief

Get the latest cybersecurity updates in your inbox

POPULAR

RoboShadow Logo

Automated vulnerability assessment and remediation platform

10
TestSavantAI Logo

Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.

5
Cybersec Feeds Logo

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

5
Fabric Platform by BlackStork Logo

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

5
Mandos Brief Newsletter Logo

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

5
View Popular Tools →