$UsnJrnl Viewer

DFIR Tools

Developer
License Type
Paid
Forensic Utilities - Windows
USNJournal
OSForensics™ includes a $UsnJrnl viewer that parses and displays the log records stored in the NTFS $UsnJrnl volume change journal. This information is useful for identifying suspect files (e.g., malware) that no longer exist in the file system or $MFT. The USN journal is updated whenever changes are made to files and directories on a volume, including:
