Songge's Notes
Managing the NTFS USN Journal
2017-12-15 lqy


To create a USN change journal on drive C, type:

fsutil usn createjournal m=1000 a=100 c:

To delete an active USN change journal on drive C, type:

fsutil usn deletejournal /d c:

To enumerate and list the change journal entries between two specified boundaries on drive C, type:

fsutil usn enumdata 1 0 1 c:

To query USN data for a volume on drive C, type:

fsutil usn queryjournal c:

To read the USN data for a file in the \Temp folder on drive C, type:

fsutil usn readdata c:\temp\sample.txt
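
Because deletejournal discards the volume's change history, it helps to keep a baseline of the queryjournal output and compare later snapshots against it. The following PowerShell is an added example, not part of the original post: the function names are hypothetical, the sample text is constructed, and the field labels are assumed to match the English-language output of fsutil usn queryjournal.

```powershell
# Added example. Sample text is constructed and trimmed to the fields used; field
# labels are assumed to match English-language `fsutil usn queryjournal` output.
function ConvertFrom-UsnQueryJournal {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = [ordered]@{}
    foreach ($line in $Lines) {
        # Expected shape: "Usn Journal ID   : 0x01d375a1b2c3d4e5"
        if ($line -match '^\s*(?<name>[^:]+?)\s*:\s*0x(?<hex>[0-9a-fA-F]+)\s*$') {
            $fields[$Matches['name']] = [Convert]::ToUInt64($Matches['hex'], 16)
        }
    }
    if (-not $fields.Contains('Usn Journal ID')) {
        throw 'No journal fields parsed: journal inactive or output format differs.'
    }
    [pscustomobject]$fields
}

function Compare-UsnJournalState {
    param([Parameter(Mandatory)]$Baseline, [Parameter(Mandatory)]$Current)
    if ($Current.'Usn Journal ID' -ne $Baseline.'Usn Journal ID') {
        # A different ID means this is not the journal instance that was baselined.
        'Journal ID changed since baseline: records from the old journal are gone.'
    }
    elseif ($Current.'First Usn' -gt $Baseline.'Next Usn') {
        # Same journal, but records written after the baseline have aged out.
        'Gap: records between baseline Next Usn and current First Usn were purged.'
    }
    if ($Current.'Maximum Size' -lt $Baseline.'Maximum Size') {
        'Maximum Size is smaller than baseline: less history is retained.'
    }
}

# On a live host: ConvertFrom-UsnQueryJournal -Lines (fsutil usn queryjournal c:)
$baseline = ConvertFrom-UsnQueryJournal -Lines (@'
Usn Journal ID   : 0x01d375a1b2c3d4e5
First Usn        : 0x0000000000000000
Next Usn         : 0x0000000000a60000
Maximum Size     : 0x0000000002000000
'@ -split "`r?`n")
$current = ConvertFrom-UsnQueryJournal -Lines (@'
Usn Journal ID   : 0x01d3760011223344
First Usn        : 0x0000000000000000
Next Usn         : 0x0000000000001200
Maximum Size     : 0x0000000000100000
'@ -split "`r?`n")

Compare-UsnJournalState -Baseline $baseline -Current $current
```

With the constructed snapshots above, the comparison reports the changed journal ID and the reduced maximum size.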



