
The NTFS USN Change journal is a volume-specific log which records metadata changes to files. It is a treasure trove of information during a forensic investigation. The change journal is a named alternate data stream, located at: $Extend\$UsnJrnl:$J. usn.py is a script written in Python which parses the journal's contents, and features several different output formats.

Default Output

With no command-line options set, usn.py will produce USN journal records in the format below:

    dev@computer:$ python usn.py -f usnjournal -o /tmp/usn.txt
    dev@computer:$ cat /tmp/usn.txt
    2016-01-26 18:56:20.046268 | test.vbs | ARCHIVE | DATA_OVERWRITE DATA_EXTEND

Command-Line Options

    optional arguments:
      -h, --help            show this help message and exit
      -b, --body            Return USN records in comma-separated format
      -c, --csv             Return USN records in comma-separated format
      -f FILE, --file FILE  Parse the given USN journal file
      -q, --quick           Parse a large journal file quickly
      -s SYSTEM, --system SYSTEM
                            System name (use with -t)
      -t, --tln             TLN output (use with -s)
      -v, --verbose         Return all USN properties for each record (JSON)

--csv

Using the CSV f

ALTERNATIVES

Open source Python library for NTFS analysis

A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Python tool for remote memory acquisition

A reverse engineering framework with a focus on usability and code cleanliness

A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
