USN Journal

The USN Journal (Update Sequence Number Journal), or Change Journal,^[1] is a feature of NTFS which maintains a record of changes made to the volume. It is not to be confused with the journal used for the NTFS file system journaling.

When Windows 2000 was released, Microsoft created NTFS version 3.0, which included several new features and improvements over older versions of the file system. One of these was a new system management feature that is very useful for certain types of applications. Under Windows 2000, NTFS 3.0 partitions can be set to keep track of changes to files and directories on the volume, providing a record of when and what was done to the various objects. When enabled, the system records all changes made to the volume in the USN Journal, which is the name also used to describe the feature itself.

One journal is maintained for each NTFS volume and stored in the NTFS metafile named $Extend\$UsnJrnl. It begins as an empty file. Whenever a change is made to the volume, a record is added to the file. Each record is identified by a 64-bit Update Sequence Number or USN. (For this reason Change Journals are sometimes called USN Journals.) Each record in the Change Journal contains the USN, the name of the file, and information about what the change was.

The Change Journal describes the changes that took place using bit flags (e.g. USN_REASON_DATA_OVERWRITE^[2]), therefore it does not include all the data or details associated with the change. For this reason the Change Journal cannot be used to undo operations on files within NTFS.

Uses

The USN Journal is used by the File History feature introduced in Windows 8 to determine which files have changed since the last backup so that only files that have changed are added to the history.^[3]

References

↑ Cooperstein, Jeffrey; Richter, Jeffrey (September 1999). "Keeping an Eye on Your NTFS Drives: the Windows 2000 Change Journal Explained". Microsoft Systems Journal (MSJ). Microsoft Corporation. Retrieved 10 June 2009.
↑ "USN_RECORD_V2 structure". Microsoft Developer Network. Microsoft Corporation. Retrieved 2014-11-06.
↑ Bright, Peter. "A step back in time with Windows 8′s File History". Ars Technica. Retrieved 2 February 2014.

External links

"Change Journals (Windows)". Microsoft Developers Network Library, Win32 and COM Development, Volume Management. Microsoft Corporation. Retrieved 10 June 2009.
"FSUTIL: USN". Windows XP Professional Product Documentation. Microsoft Corporation. Retrieved 10 June 2009.
"FSUTIL: USN". Microsoft Technet Library, Windows Server Tech Center. Microsoft Corporation. 28 September 2007. Retrieved 10 June 2009.
"NTFS Self-Healing". Microsoft Technet Library, Windows Server Tech Center. Microsoft Corporation. 21 January 2008. Retrieved 10 June 2009.

This article is issued from Wikipedia - version of the 6/11/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.