{ "info": { "author": "Adam Witt", "author_email": "accidentalassist@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Information Technology", "License :: OSI Approved :: Apache Software License", "Topic :: Security" ], "description": "USN-Journal-Parser\n==================== \nPython script to parse the NTFS USN Change Journal\n\nDescription\n-------------\nThe NTFS USN Change journal is a volume-specific log which records metadata changes to files. It is a treasure trove of information during a forensic investigation. The change journal is a named alternate data stream, located at: $Extend\\\\$UsnJrnl:$J. usn.py is a script written in Python which parses the journal's contents, and features several different output formats.\n\nDefault Output\n----------------\nWith no command-line options set, usn.py will produce USN journal records in the format below:\n\n::\n\n dev@computer:$ python usn.py -f usnjournal -o /tmp/usn.txt\n dev@computer:$ cat /tmp/usn.txt\n\n 2016-01-26 18:56:20.046268 | test.vbs | ARCHIVE | DATA_OVERWRITE DATA_EXTEND \n\nCommand-Line Options\n-----------------------\n\n::\n\n optional arguments:\n -h, --help show this help message and exit\n -b, --body Return USN records in comma-separated format\n -c, --csv Return USN records in comma-separated format\n -f FILE, --file FILE Parse the given USN journal file\n -q, --quick Parse a large journal file quickly\n -s SYSTEM, --system SYSTEM\n System name (use with -t)\n -t, --tln TLN output (use with -s)\n -v, --verbose Return all USN properties for each record (JSON)\n\n**--csv**\n\nUsing the CSV flag will, as expected, provide results in CSV format. Using the --csv / -c option provides the same USN fields as default output:\n\n* Timestamp\n* Filename\n* File attributes\n* Reason\n\nAn example of what this looks like is below:\n\n::\n\n dev@computer:~$python usn.py --csv -f usnjournal -o /tmp/usn.txt\n dev@computer:~$ cat /tmp/usn.txt\n\n timestamp,filename,fileattr,reason\n 2015-10-09 21:37:58.836242,A75BFDE52F3DD8E6.dat,ARCHIVE NOT_CONTENT_INDEXED,DATA_EXTEND FILE_CREATE\n\n**--body**\n\nUsing the --body / -b command-line flag, the script will output in mactime body format:\n\n::\n\n dev@computer:~$ python usn.py -f usnjournal --body\n\n 0|schedule log.xml (USN: DATA_EXTEND DATA_TRUNCATION CLOSE)|24603-1|0|0|0|0|1491238176|1491238176|1491238176|1491238176\n\n**--tln / -t**\n\nUsing the --tln / -t command-line flag, the script will output in TLN body format:\n\n::\n\n dev@computer:~$ python usn.py -f usnjournal --tln\n\n 1491238176|USN|||schedule log.xml:DATA_EXTEND DATA_TRUNCATION CLOSE\n\n\nAdd the --system / -s flag to specify a system name with TLN output:\n\n::\n\n dev@computer:~$ python usn.py -f usnjournal --tln --system ThisIsASystemName\n\n 1491238176|USN|ThisIsASystemName||schedule log.xml:DATA_EXTEND DATA_TRUNCATION CLOSE\n\n**--verbose**\n\nReturn all USN members for each record with the --verbose / -v flag. The results are JSON-formatted.\n\n::\n\n dev@computer:~$python usn.py --verbose -f usnjournal -o /tmp/usn.txt\n dev@computer:~$cat /tmp/usn.txt\n\n {\n \"majorVersion\": 2,\n \"minorVersion\": 0,\n \"fileReferenceNumber\": 281474976744952,\n \"parentFileReferenceNumber\": 844424930165539,\n \"usn\": 47265504,\n \"timestamp\": 1467312724,\n \"reason\": \"SECURITY_CHANGE\",\n \"sourceInfo\": 0,\n \"securityId\": 0,\n \"fileAttributes\": \"HIDDEN SYSTEM ARCHIVE\",\n \"filenameLength\": 22,\n \"filenameOffset\": 60,\n \"filename\": \"493fde4.rbf\",\n \"humanTimestamp\": \"2016-06-30 18:52:04.456762\",\n \"epochTimestamp\": 1467312724,\n \"mftSeqNumber\": 1,\n \"mftEntryNumber\": 34296,\n \"pMftSeqNumber\": 3,\n \"pMftEntryNumber\": 33571\n }\n\nInstallation\n--------------\nUsing setup.py:\n\n::\n \n python setup.py install\n \nUsing pip:\n\n::\n \n pip install usnparser\n\n+----------------------------------------------------------------------------------------+\n| Travis-CI |\n+========================================================================================+\n| .. image:: https://travis-ci.org/PoorBillionaire/USN-Journal-Parser.svg?branch=master |\n| :target: https://travis-ci.org/PoorBillionaire/USN-Journal-Parser |\n+----------------------------------------------------------------------------------------+", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/PoorBillionaire/USN-Journal-Parser", "keywords": "", "license": "Apache Software License", "maintainer": "", "maintainer_email": "", "name": "usnparser", "package_url": "https://pypi.org/project/usnparser/", "platform": "", "project_url": "https://pypi.org/project/usnparser/", "project_urls": { "Homepage": "https://github.com/PoorBillionaire/USN-Journal-Parser" }, "release_url": "https://pypi.org/project/usnparser/4.1.4/", "requires_dist": null, "requires_python": "", "summary": "A Python script to parse the NTFS USN journal", "version": "4.1.4" }, "last_serial": 4591460, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "84550fc9cfc60248cfe18332167e11c5", "sha256": "e6d0db1bc6ce37e6fb58a02af88a4d0e6238331d823203bf3902e4f0f6631ddd" }, "downloads": -1, "filename": "usnparser-1.0.0.tar.gz", "has_sig": false, "md5_digest": "84550fc9cfc60248cfe18332167e11c5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8061, "upload_time": "2015-12-10T07:09:57", "url": "https://files.pythonhosted.org/packages/66/89/637064624ab014f9d9e96ebeebbe762d685d44ef4eb50f332ebc5e04da3c/usnparser-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "fd75014aebf2c6d010f35caa8c463f7d", "sha256": "de8d5cee42f628172bd5c7a3470a2fca773f2e05d5bfba482b96ffe259dbc046" }, "downloads": -1, "filename": "usnparser-1.0.1.tar.gz", "has_sig": false, "md5_digest": "fd75014aebf2c6d010f35caa8c463f7d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4857, "upload_time": "2015-12-10T07:12:46", "url": "https://files.pythonhosted.org/packages/6b/19/cf63f0f77bac7dc06e44ce7d238dc89aa303eda753124d0c37afda307b34/usnparser-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "77906a6acf648992d2e84ab9ec305368", "sha256": "574c4d34e7a6a8cf52aa9cdf6111d967a560f00b622e0a1fe017fd8f7ebafd4f" }, "downloads": -1, "filename": "usnparser-1.0.2.tar.gz", "has_sig": false, "md5_digest": "77906a6acf648992d2e84ab9ec305368", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4857, "upload_time": "2015-12-10T07:14:42", "url": "https://files.pythonhosted.org/packages/7b/52/e19b2ad7ca034c7ea4d2837fe8c545115646821863389078c5a332f4d01d/usnparser-1.0.2.tar.gz" } ], "1.0.3": [ { "comment_text": "", "digests": { "md5": "64575bdb23213ac3942b02e0e8114fe0", "sha256": "3babe6ab9558f5841800d02732ff22128d78d2389f4340fa6e40f6e6cb108e87" }, "downloads": -1, "filename": "usnparser-1.0.3.tar.gz", "has_sig": false, "md5_digest": "64575bdb23213ac3942b02e0e8114fe0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8017, "upload_time": "2015-12-10T07:19:55", "url": "https://files.pythonhosted.org/packages/18/06/0cabdbb9d5fe1025fbcd9abfcaca34b0780b8cdb43a6174e4b7c5963b836/usnparser-1.0.3.tar.gz" } ], "1.0.4": [ { "comment_text": "", "digests": { "md5": "3accf4c56a1c04ebb29ac901c7e0379e", "sha256": "ed4680efefb8b981c515f852ba97fb0bca09afa2c439fb7e0444fbf090f7b8b0" }, "downloads": -1, "filename": "usnparser-1.0.4.tar.gz", "has_sig": false, "md5_digest": "3accf4c56a1c04ebb29ac901c7e0379e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8018, "upload_time": "2015-12-18T22:26:57", "url": "https://files.pythonhosted.org/packages/c3/52/bf19ddfaf2e505a24159eeff3d5040ceca1ae25bf96590fc1a274781a85d/usnparser-1.0.4.tar.gz" } ], "1.0.5": [ { "comment_text": "", "digests": { "md5": "78e871082f66311aec4f3acd948fc9f1", "sha256": "82934d1bb40f825eacfd60b2b769499632cb94a5e88c5edf8e5d92ab5d4fe09f" }, "downloads": -1, "filename": "usnparser-1.0.5.tar.gz", "has_sig": false, "md5_digest": "78e871082f66311aec4f3acd948fc9f1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7712, "upload_time": "2015-12-31T22:05:57", "url": "https://files.pythonhosted.org/packages/aa/43/059b3a2f41a6dbfad50ecebd80e9407a8e50f8ae123e7f4c466cb6b23642/usnparser-1.0.5.tar.gz" } ], "1.0.6": [ { "comment_text": "", "digests": { "md5": "8c2bbe8a6e92c0a3de830249799138cd", "sha256": "5f3a8c53440f225e488eb7064bf43551d470f2d8e1bdd7279c935c6bd75e97f1" }, "downloads": -1, "filename": "usnparser-1.0.6.tar.gz", "has_sig": false, "md5_digest": "8c2bbe8a6e92c0a3de830249799138cd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7194, "upload_time": "2016-01-25T22:18:12", "url": "https://files.pythonhosted.org/packages/56/91/fd775ce8cdcced2f337a4c71cf7ed1f4973b5b4e23c1bb98db34d64add08/usnparser-1.0.6.tar.gz" } ], "1.0.7": [ { "comment_text": "", "digests": { "md5": "ad109044d62c3ebb16dd8460503d536f", "sha256": "e4f44dda011a22143b2d7735366e78aeba45afb89df27bfce679bb783a7f53b2" }, "downloads": -1, "filename": "usnparser-1.0.7.tar.gz", "has_sig": false, "md5_digest": "ad109044d62c3ebb16dd8460503d536f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7195, "upload_time": "2016-01-25T22:20:42", "url": "https://files.pythonhosted.org/packages/20/fe/3da33e4a8c63859ba0ca498371d308276f180d4db97784233288882de6aa/usnparser-1.0.7.tar.gz" } ], "2.0.0": [ { "comment_text": "", "digests": { "md5": "34385353f66e08945549bff38063017a", "sha256": "911e45c2a611d7af147dd95f8d1c5dd30bac370dd7a9a2a44ed5525e7b91db0c" }, "downloads": -1, "filename": "usnparser-2.0.0.tar.gz", "has_sig": false, "md5_digest": "34385353f66e08945549bff38063017a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6489, "upload_time": "2016-01-27T22:10:42", "url": "https://files.pythonhosted.org/packages/21/a1/0da6e757267b3700b3f6d2bd381700fd75ceff5ae36ecc16ec0a2e72fad2/usnparser-2.0.0.tar.gz" } ], "2.0.1": [ { "comment_text": "", "digests": { "md5": "288ab5f12d742802c2b18df9b271c18d", "sha256": "9881500b14cfcf8bc2cc3911c83f38cf76878437ff620eb3ace6ed6cd310343f" }, "downloads": -1, "filename": "usnparser-2.0.1.tar.gz", "has_sig": false, "md5_digest": "288ab5f12d742802c2b18df9b271c18d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6790, "upload_time": "2016-01-27T22:54:52", "url": "https://files.pythonhosted.org/packages/b8/93/24f47cd4bafe11b716a06098b1ff0e61f5c97bbe84699f0029bdafce6ae2/usnparser-2.0.1.tar.gz" } ], "2.0.2": [ { "comment_text": "", "digests": { "md5": "2d6c8f4d6daddbd5e729b931c6d60a41", "sha256": "b8328729023458de1d744e19c62b5d15513f2d966f15f5e165ede0740e250a98" }, "downloads": -1, "filename": "usnparser-2.0.2.tar.gz", "has_sig": false, "md5_digest": "2d6c8f4d6daddbd5e729b931c6d60a41", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6797, "upload_time": "2016-01-29T22:02:55", "url": "https://files.pythonhosted.org/packages/13/d1/7d4e44de89bfb2d66ed090a5d8fda357570267c2302b3fab6197e21e660e/usnparser-2.0.2.tar.gz" } ], "2.0.3": [ { "comment_text": "", "digests": { "md5": "321c1618e59b89312da87bf44506ecad", "sha256": "549315ef97cc12b0c08e45b6ff93d7d1a8b87f2350735c862d0a37999ee8477b" }, "downloads": -1, "filename": "usnparser-2.0.3.tar.gz", "has_sig": false, "md5_digest": "321c1618e59b89312da87bf44506ecad", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6796, "upload_time": "2016-01-29T22:06:55", "url": "https://files.pythonhosted.org/packages/b6/11/a9a8126706714acf6224b443fb6a01015eea1df8366f5213afa01f8e256b/usnparser-2.0.3.tar.gz" } ], "2.0.4": [ { "comment_text": "", "digests": { "md5": "8ca61793fd49cfe582b0ef59e7825e74", "sha256": "86e6ca8193706021f6443f8a6fc19696fa8f6ef6b29b8cc7f289bcef9d2d54b9" }, "downloads": -1, "filename": "usnparser-2.0.4.tar.gz", "has_sig": false, "md5_digest": "8ca61793fd49cfe582b0ef59e7825e74", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6677, "upload_time": "2016-04-12T02:59:20", "url": "https://files.pythonhosted.org/packages/28/e1/2607eb6708f7691c324028e397a7f18f9553a1fe16bfaeb5e527500a7f65/usnparser-2.0.4.tar.gz" } ], "3.0.0": [], "3.0.1": [ { "comment_text": "", "digests": { "md5": "0a1e1cda2d6cae99561cb9141f365ec4", "sha256": "82f54637bdfcc5882ec9ad46187be302fc26cccfae275c30a22914fc23e43f14" }, "downloads": -1, "filename": "usnparser-3.0.1.tar.gz", "has_sig": false, "md5_digest": "0a1e1cda2d6cae99561cb9141f365ec4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6521, "upload_time": "2017-04-13T01:11:27", "url": "https://files.pythonhosted.org/packages/f6/8b/5ee9a0c690f2b579d3ea22262cadfeb510462ef53bd46aa0e1e32e3edda5/usnparser-3.0.1.tar.gz" } ], "3.0.2": [ { "comment_text": "", "digests": { "md5": "5a4cec001b07ee7f42962361b512ecf4", "sha256": "74fc3d1a1c9b9fbc1f763423dcac27e1ebd6e4e02af87608dd0dcb2392f86fc6" }, "downloads": -1, "filename": "usnparser-3.0.2.tar.gz", "has_sig": false, "md5_digest": "5a4cec001b07ee7f42962361b512ecf4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6838, "upload_time": "2017-04-14T21:25:55", "url": "https://files.pythonhosted.org/packages/2a/67/f3c1f446c0cd305bd848a324979af6b28268b2733a34ead338fe4f2858ed/usnparser-3.0.2.tar.gz" } ], "4.0.0": [ { "comment_text": "", "digests": { "md5": "2ccc54f61c1eea381221fe584c86cba3", "sha256": "6d18132404106110882211fe78916663917ecb66ae4ce584dbd78b124a18bd4f" }, "downloads": -1, "filename": "usnparser-4.0.0.tar.gz", "has_sig": false, "md5_digest": "2ccc54f61c1eea381221fe584c86cba3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5462, "upload_time": "2017-04-24T00:02:42", "url": "https://files.pythonhosted.org/packages/7b/52/5d42a184f83a5e615fe6a442f303d276d13f90b6dd0f7e92906575f1894d/usnparser-4.0.0.tar.gz" } ], "4.0.1": [ { "comment_text": "", "digests": { "md5": "ad5162630bec277b17510509f0521317", "sha256": "2d80afc1a9c994b7f10337af9b1123125e9f72411f5c3359f3ae985015a87490" }, "downloads": -1, "filename": "usnparser-4.0.1.tar.gz", "has_sig": false, "md5_digest": "ad5162630bec277b17510509f0521317", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5469, "upload_time": "2017-04-24T06:39:46", "url": "https://files.pythonhosted.org/packages/7b/87/ad87bd15f16630fadfadf2ba6179c76279577a283049830d559808bd1637/usnparser-4.0.1.tar.gz" } ], "4.0.2": [ { "comment_text": "", "digests": { "md5": "e78f0e3364a9e6659bd0ee9e76a4e99c", "sha256": "10b1d909ccb806a31955655e8cf4b57734b24fdaeb46a41fd03a1eaeedf77bf0" }, "downloads": -1, "filename": "usnparser-4.0.2.tar.gz", "has_sig": false, "md5_digest": "e78f0e3364a9e6659bd0ee9e76a4e99c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 2324, "upload_time": "2017-05-21T18:15:49", "url": "https://files.pythonhosted.org/packages/db/a0/d82a727d46b99a8ddf9d2a664dbd1572ac234a1784cf952d9d21b50588dd/usnparser-4.0.2.tar.gz" } ], "4.0.3": [ { "comment_text": "", "digests": { "md5": "1e333797303fd39490765da541dba7b8", "sha256": "298ec99ed0512394f71afbb0654bc6b0ab8772cd712db95f6741cb6dca0c37e0" }, "downloads": -1, "filename": "usnparser-4.0.3.tar.gz", "has_sig": false, "md5_digest": "1e333797303fd39490765da541dba7b8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5494, "upload_time": "2017-05-21T18:38:26", "url": "https://files.pythonhosted.org/packages/d4/1f/abf739d2e26f5abbbda93f6fe8ff119e16bc4fdb179ea5f41cbaf92726dc/usnparser-4.0.3.tar.gz" } ], "4.1.0": [ { "comment_text": "", "digests": { "md5": "a28eb3ff8673d5d2f62148fab8a8cfe0", "sha256": "b91150326779190e0a89918f5187b65bc8e80df3e2b4e5db3dcad4dd15ef3ace" }, "downloads": -1, "filename": "usnparser-4.1.0-py2.7.egg", "has_sig": false, "md5_digest": "a28eb3ff8673d5d2f62148fab8a8cfe0", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5402, "upload_time": "2018-12-12T16:18:50", "url": "https://files.pythonhosted.org/packages/53/83/34597776e17d6cdfd0635a819cf696d7b7aaa34ab7c16dbf73f0e3df30fe/usnparser-4.1.0-py2.7.egg" } ], "4.1.1": [ { "comment_text": "", "digests": { "md5": "b900e3de0068b266286f03d7b4dd1e4c", "sha256": "09cc4cc59bebe7e64c83137dde6509c2e6c118159addddbfe699505249c47d32" }, "downloads": -1, "filename": "usnparser-4.1.1-py2.7.egg", "has_sig": false, "md5_digest": "b900e3de0068b266286f03d7b4dd1e4c", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5401, "upload_time": "2018-12-12T16:34:55", "url": "https://files.pythonhosted.org/packages/69/5e/4ff8800a020de50ce9e8a039c9ee04e89c1a99ccd332c466907e2c1c6090/usnparser-4.1.1-py2.7.egg" } ], "4.1.2": [ { "comment_text": "", "digests": { "md5": "d238c98d1d8aa8cf39e7a8b77dcb40e5", "sha256": "2bfdf72979d847dde00630dbbadbfd7e70aa088f0b68578cef560ca7f27077d6" }, "downloads": -1, "filename": "usnparser-4.1.2-py2.7.egg", "has_sig": false, "md5_digest": "d238c98d1d8aa8cf39e7a8b77dcb40e5", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5402, "upload_time": "2018-12-12T18:46:54", "url": "https://files.pythonhosted.org/packages/1b/84/b2150e7a79ac4b7347aca05469dc7f0c24840c16118c50d8854b39cdba8f/usnparser-4.1.2-py2.7.egg" } ], "4.1.3": [ { "comment_text": "", "digests": { "md5": "740a27d199655f8f1d63c01a00aa049c", "sha256": "4b1b23b3e126e3a0cc235ac348f13c3954c5d4c680da3458210d626253a5e57b" }, "downloads": -1, "filename": "usnparser-4.1.3-py2.7.egg", "has_sig": false, "md5_digest": "740a27d199655f8f1d63c01a00aa049c", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5402, "upload_time": "2018-12-12T19:02:46", "url": "https://files.pythonhosted.org/packages/8a/07/567d0acdd2fe1e02aaf0ce32ababda46895eaf493210849bb92252d19b24/usnparser-4.1.3-py2.7.egg" } ], "4.1.4": [ { "comment_text": "", "digests": { "md5": "0592fb00a3038928dc9c22a155054697", "sha256": "d4a4a7c32972c2576fd5c811bdc6d086bde42599dee682a07b7d4a80ea51368d" }, "downloads": -1, "filename": "usnparser-4.1.4-py2.7.egg", "has_sig": false, "md5_digest": "0592fb00a3038928dc9c22a155054697", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5402, "upload_time": "2018-12-12T19:39:53", "url": "https://files.pythonhosted.org/packages/64/a4/72bee994d0afb2f1a5cc0c8c9c2dc56852bc19e3cde2724b17a121c21e45/usnparser-4.1.4-py2.7.egg" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0592fb00a3038928dc9c22a155054697", "sha256": "d4a4a7c32972c2576fd5c811bdc6d086bde42599dee682a07b7d4a80ea51368d" }, "downloads": -1, "filename": "usnparser-4.1.4-py2.7.egg", "has_sig": false, "md5_digest": "0592fb00a3038928dc9c22a155054697", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 5402, "upload_time": "2018-12-12T19:39:53", "url": "https://files.pythonhosted.org/packages/64/a4/72bee994d0afb2f1a5cc0c8c9c2dc56852bc19e3cde2724b17a121c21e45/usnparser-4.1.4-py2.7.egg" } ] }