|
gptkbp:instanceOf
|
file system feature
|
|
gptkbp:accessibleBy
|
gptkb:Win32_API
DeviceIoControl
|
|
gptkbp:alsoKnownAs
|
gptkb:USN_Journal
|
|
gptkbp:canBeDisabled
|
yes
|
|
gptkbp:canCreate
|
gptkb:FSCTL_CREATE_USN_JOURNAL
|
|
gptkbp:canQuery
|
gptkb:FSCTL_QUERY_USN_JOURNAL
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
NTFS Change Journal
|
|
gptkbp:introducedIn
|
gptkb:Windows_2000
|
|
gptkbp:location
|
$Extend\\$UsnJrnl metafile
|
|
gptkbp:maintainedBy
|
gptkb:Microsoft_Windows
|
|
gptkbp:monitors
|
file deletion
file renaming
directory changes
file creation
file modification
|
|
gptkbp:numberOfLocations
|
timestamps
file attributes
update sequence numbers (USN)
reason codes
USN records
file reference numbers
|
|
gptkbp:partOf
|
gptkb:NTFS
|
|
gptkbp:recordedAt
|
changes to files and directories
|
|
gptkbp:removes
|
gptkb:FSCTL_DELETE_USN_JOURNAL
|
|
gptkbp:size
|
configurable
|
|
gptkbp:status
|
enabled on system drives
|
|
gptkbp:usedBy
|
gptkb:security
gptkb:software
search indexing
|
|
gptkbp:usedFor
|
forensics
system auditing
tracking file system changes
|
|
gptkbp:bfsParent
|
gptkb:Shadow_Copies
|
|
gptkbp:bfsLayer
|
7
|