ChangeJournal

Allows you to operate NTFS's Change Journal

ChangeJournal Ranking & Summary

  • License: Freeware
  • Publisher Name: Jason Q Zhang
  • Publisher web site: http://www.codeproject.com/Members/Jason-Q-Zhang
  • Operating Systems: Windows All
  • File Size: 107 KB

ChangeJournal Description

The ChangeJournal application was developed as a small tool that allows you to operate NTFS's Change Journal.

The Change Journal is a database that contains a list of every change made to the files or directories on an NTFS 5.0 volume; that is, the Change Journal is a log file. The structure of a Change Journal record includes USN, Reason, Filename, ParentFileReferenceNumber, TimeStamp, etc. Let me explain them to you:

  • USN is the ID
  • Reason is why the record was written, say, 'create'
  • Filename is merely the name, without the path
  • ParentFileReferenceNumber is a foreign key to the file's path
  • TimeStamp is the time when the event happened

With this information, we can know what happened to a file; the only problem is where to find the path of the file. There is no simple/easy way to get there as far as I know. Let's face it, NTFS is not an RDBMS; we can't use one 'select' statement over the relevant tables to get all we need, although, in concept, ParentFileReferenceNumber is a foreign key. What Windows 2000 provides us to get a FileReferenceNumber is an opened handle to the file; the API is GetFileInformationByHandle. We have to search the whole directory tree to find what we want! That's why I feel tired for the hard drive every time I push the 'Path detail' button.

The other thing we should know is that the Change Journal is not available automatically. Somebody has to activate/create it before using it.

To perform operations on the Change Journal, the key API is DeviceIoControl. To retrieve Change Journal records, the basic steps are:

  • Open the Change Journal file handle using the CreateFile API
  • Call DeviceIoControl using FSCTL_QUERY_USN_JOURNAL as the second parameter
  • Call DeviceIoControl using FSCTL_READ_USN_JOURNAL as the second parameter
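
The following is an added example, not code from the ChangeJournal tool or its author. It parses the output buffer of the FSCTL_READ_USN_JOURNAL step into the record fields described above, assuming the USN_RECORD_V2 layout from the Windows SDK. The helper names (`parse_usn_buffer`, `build_record`) and the sample records are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Fixed part of USN_RECORD_V2 (60 bytes, little-endian), per the Windows SDK layout.
HEADER = struct.Struct("<IHHQQqqIIIIHH")
# Subset of the USN_REASON_* flags, with the prefix dropped.
REASONS = {0x1: "DATA_OVERWRITE", 0x2: "DATA_EXTEND", 0x4: "DATA_TRUNCATION",
           0x100: "FILE_CREATE", 0x200: "FILE_DELETE", 0x1000: "RENAME_OLD_NAME",
           0x2000: "RENAME_NEW_NAME", 0x8000: "BASIC_INFO_CHANGE", 0x80000000: "CLOSE"}
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def parse_usn_buffer(buf):
    """Parse an FSCTL_READ_USN_JOURNAL output buffer: next USN, then V2 records."""
    (next_usn,) = struct.unpack_from("<q", buf, 0)
    records, pos = [], 8
    while pos + HEADER.size <= len(buf):
        (length, major, _minor, frn, parent, usn, ts, reason,
         _src, _sid, _attrs, name_len, name_off) = HEADER.unpack_from(buf, pos)
        # Reject lengths that would loop forever or run past the buffer.
        if length < HEADER.size or pos + length > len(buf):
            raise ValueError(f"bad RecordLength {length} at offset {pos}")
        if major != 2 or name_off + name_len > length:
            raise ValueError(f"unsupported or malformed record at offset {pos}")
        name = buf[pos + name_off: pos + name_off + name_len].decode("utf-16-le")
        records.append({
            "usn": usn, "frn": frn, "parent_frn": parent, "name": name,
            "time": EPOCH_1601 + timedelta(microseconds=ts // 10),
            "reasons": [n for bit, n in REASONS.items() if reason & bit],
        })
        pos += length
    return next_usn, records

def build_record(usn, frn, parent, ts, reason, name):
    """Build one constructed record for the demo (not real journal data)."""
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7   # records are 8-byte aligned
    head = HEADER.pack(length, 2, 0, frn, parent, usn, ts, reason, 0, 0, 0x20,
                       len(raw), HEADER.size)
    return (head + raw).ljust(length, b"\0")

# Constructed sample: a file is created, then deleted, under the same parent.
SAMPLE = (struct.pack("<q", 4112)
          + build_record(3936, 0x1000000000123, 0x5000000000005,
                         132539328000000000, 0x100, "report.docx")
          + build_record(4024, 0x1000000000123, 0x5000000000005,
                         132539328600000000, 0x80000200, "report.docx"))

if __name__ == "__main__":
    for rec in parse_usn_buffer(SAMPLE)[1]:
        print(rec["usn"], rec["time"].isoformat(), rec["name"], rec["reasons"])
```

Each parsed record carries only the name and `parent_frn`, so recovering a full path still requires resolving the parent reference separately, which is the cost the description attributes to the 'Path detail' button.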
