DFSP # 015 - $UsnJrnl File
The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.