usnjrnl
| Crates.io | usnjrnl |
| lib.rs | usnjrnl |
| version | 0.4.5 |
| source | src |
| created_at | 2021-10-20 13:44:42.806642 |
| updated_at | 2023-05-08 12:05:21.139779 |
| description | parses a $UsnJrnl file |
| homepage | https://www.github.com/janstarke/usnjrnl |
| repository | |
| max_upload_size | |
| id | 467923 |
| size | 120,970 |
Jan Starke (janstarke)
documentation
README
usnjrnl
Parses Windows $UsnJrnl files
This crate contains a library and a binary. If you only want to use the library in your crate, use default-features=false
in your Cargo.toml:
[dependencies]
usnjrnl = {version="0.3.0", default-features=false }
Installation
cargo install usnjrnl
Usage
usnjrnl_dump binary
USAGE:
usnjrnl_dump [FLAGS] <USNJRNL_FILE>
FLAGS:
-b, --bodyfile output as bodyfile instead of JSON
-h, --help Prints help information
-V, --version Prints version information
ARGS:
<USNJRNL_FILE> path to $UsnJrnl:$J file (file ending with .gz will be treated as being gzipped)
I suggest to always correlate MFT entry numbers to entries in a real $MFT file. This can be done automatically with https://github.com/janstarke/mft2bodyfile.
usnjrnl library
use usnjrnl::{UsnJrnlReader, CommonUsnRecord, UsnRecordData};
let reader = UsnJrnlReader::from("$UsnJrnl:$J")?;
for entry in reader.into_iter() {
match entry {
Ok(e) => {
println!("{}: {}",
e.data.filename(),
e.data.reasons();
}
Err(why) => {
log::error!("{}", why);
}
}
}