3 releases
Uses new Rust 2024
| 0.1.2 | Jun 4, 2025 |
|---|---|
| 0.1.1 | May 27, 2025 |
| 0.1.0 | May 16, 2025 |
#281 in Filesystem
136 downloads per month
13KB
177 lines
usn-parser
A command-line utility for searching the NTFS MFT and parsing NTFS/ReFS USN Change Journal on Windows.
β¨ Features
- π Monitor Real-time Changes: Keep an eye on USN journal entries as they happen.
- π Search MFT: Efficiently search the Master File Table for specific entries.
- π Read Journal Change History: Access and analyze historical USN journal data.
- π½ Flexible Filtering:
- Filter by keyword (wildcards supported).
- Show only files or only directories.
π₯ Installation
The crate has been published to crates.io, you can install it using Cargo:
cargo install usn-parser
Alternatively, you can download the latest release from the Releases page and run the executable directly.
π Usage
Note: Administrator privileges are required to access USN journals and the MFT.
Usage: usn-parser.exe <COMMAND>
Commands:
monitor Monitor real-time USN journal changes
search Search the Master File Table
read Read history USN journal entries
help Print this message or the help of the given subcommand(s)
Options:
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
π‘Examples
π Monitor real-time USN journal changes.
# Monitor drive C for real-time file changes, filtering for log files with the name prefix 'app':
usn-parser monitor C -f "app*.log" --file-only
π Search the MFT.
# Search the MFT of drive C, printing out all files with the extension `.xlsx`:
usn-parser search C -f "*.xlsx" --file-only
π Read history USN journal entries.
# Print out the change history for file 'report.docx' from the USN journal of drive D:
usn-parser read D -f "report.docx"
π€ Contributing
Contributions are welcome! Please feel free to submit a Pull Request or open an issue.
π License
This project is licensed under the terms of the MIT LICENSE.
Dependencies
~123MB
~2M SLoC