A command-line utility for NTFS/ReFS to search the MFT and monitor changes in the USN Journal.
Note: 🦀 I've also created a Rust port: usn-parser-rs, which is more performant and uses significantly less memory.
This project requires .NET 8 to be installed to build and run.
Latest version can be downloaded from the releases/latest page.
Usage: UsnParser [command] [options]
Options:
--version Show version information.
-h|--help Show help information.
Commands:
monitor Monitor real-time USN journal changes
read Read history USN journal entries
search Search the Master File Table
Run 'UsnParser [command] -h|--help' for more information about a command.
# 🔍 Search through Master File Table of volume D, print out all the files whose extension is ".xlsx".
UsnParser search D: -f *.xlsx# 📄 Print out the change history for file "Report.docx" in the USN journal of volume D.
UsnParser read D: -f Report.docx# 👀 Monitor real-time USN records of volume C.
UsnParser monitor C: # 📝 Monitor real-time USN records of volume C with a filter for txt files whose name starts with "abc".
UsnParser monitor C: -f abc*.txt Contributions, issues, and feature requests are welcome! Feel free to open an issue or submit a pull request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a pull request
This project is licensed under the MIT License. See the LICENSE file for details.