-
Notifications
You must be signed in to change notification settings - Fork 274
UsnJrnl Class
Jared Atkinson edited this page Nov 5, 2015
·
5 revisions
public class UsnJrnl
{
// Properties
public readonly string VolumePath;
public readonly Version Version;
public readonly ulong RecordNumber;
public readonly ushort FileSequenceNumber;
public readonly ulong ParentFileRecordNumber;
public readonly ushort ParentFileSequenceNumber;
public readonly ulong Usn;
public readonly DateTime TimeStamp;
public readonly USN_REASON Reason;
public readonly USN_SOURCE SourceInfo;
public readonly uint SecurityId;
public readonly StandardInformation.ATTR_STDINFO_PERMISSION FileAttributes;
public readonly string FileName;
// Static Methods
public static UsnJrnl Get(string path, ulong usn)
public static UsnJrnl[] GetInstances(string volume)
public static UsnJrnl[] GetInstancesByPath(string path)
// Instance Methods
public FileRecord GetFileRecord()
public FileRecord GetParentFileRecord()
// Override Methods
public override string ToString()
}VolumePath -
Version -
RecordNumber -
FileSequenceNumber -
ParentFileRecordNumber -
ParentFileSequenceNumber -
Usn -
TimeStamp -
Reason -
SourceInfo -
SecurityId -
FileAttributes -
FileName -
| Name | Description |
|---|---|
| Get(string, ulong) | |
| GetInstances(string) | |
| GetInstancesByPath(string) | |
| GetFileRecord() | |
| GetParentFileRecord() | |
| ToString() |
Getting Started
- PowerForensics
- PowerForensics.Artifacts
- PowerForensics.Ntfs
- PowerForensics.Formats
- PowerForensics.Registry
- PowerForensics.Utilities
Cmdlets
- ConvertTo-ForensicTimeline
- Copy-ForensicFile
- Get-ForensicAlternateDataStream
- Get-ForensicAmcache
- Get-ForensicAttrDef
- Get-ForensicBitmap
- Get-ForensicBootSector
- Get-ForensicChildItem
- Get-ForensicContent
- Get-ForensicEventLog
- Get-ForensicFileRecord
- Get-ForensicFileRecordIndex
- Get-ForensicFileSlack
- Get-ForensicGuidPartitionTable
- Get-ForensicMasterBootRecord
- Get-ForensicMftSlack
- Get-ForensicNetworkList
- Get-ForensicPartitionTable
- Get-ForensicPrefetch
- Get-ForensicRegistryKey
- Get-ForensicRegistryValue
- Get-ForensicScheduledJob
- Get-ForensicSid
- Get-ForensicTimeline
- Get-ForensicTimezone
- Get-ForensicUnallocatedSpace
- Get-ForensicUserAssist
- Get-ForensicUsnJrnl
- Get-ForensicUsnJrnlInformation
- Get-ForensicVolumeBootRecord
- Get-ForensicVolumeInformation
- Get-ForensicVolumeName
- Invoke-ForensicDD