The USN Journal File on NTFS

Advanced $UsnJrnl Forensics

http://forensicinsight.org/wp-content/uploads/2013/07/F-INSIGHT-Advanced-UsnJrnl-Forensics-English.pdf

 

Studying Everything: Reading the USN Journal File on NTFS (1)

http://www.voidcn.com/article/p-vbffmndo-rz.html

 

Studying Everything: Reading the USN Journal File on NTFS (2)

https://blog.csdn.net/xexiyong/article/details/16903471

 

USN_RECORD_V2 structure

https://docs.microsoft.com/zh-cn/windows/desktop/api/winioctl/ns-winioctl-usn_record_v2

 

Re-Introducing $UsnJrnl

http://journeyintoir.blogspot.com/2013/01/re-introducing-usnjrnl.html

 

NTFS $UsnJrnl Parser

https://www.guidancesoftware.com/app/NTFS-UsnJrnl-Parser

 

Security Braindump

http://www.securitybraindump.com/2011/07/dear-diary-today-i-was-infected-with.html

 

[Tech Share] Digital Forensics Techniques: The NTFS Change Journal

https://www.anquanke.com/post/id/86265
