A command utility to read and monitor the NTFS/ReFS USN change Journal.
-
Updated
May 27, 2026 - C#
#
change-journal
Here are 4 public repositories matching this topic...
ARIN is Awesome ReFS Investigation tool
-
Updated
Aug 9, 2020 - Python
Although, reading Change Journal in windows by C++, this library should keep esay to use.
-
Updated
Jun 5, 2022 - Rust
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe
rust security filesystem incident-response forensics dfir ntfs digital-forensics anti-forensics mft change-journal alternate-data-streams disk-forensics usn-journal timestomping rust-forensics
-
Updated
Jun 10, 2026 - Rust
Improve this page
Add a description, image, and links to the change-journal topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the change-journal topic, visit your repo's landing page and select "manage topics."