Advanced $UsnJrnl Forensics
Everything Research: Reading the USN Journal File on NTFS (1)
http://www.voidcn.com/article/p-vbffmndo-rz.html
Everything Research: Reading the USN Journal File on NTFS (2)
https://blog.csdn.net/xexiyong/article/details/16903471
USN_RECORD_V2 structure
https://docs.microsoft.com/zh-cn/windows/desktop/api/winioctl/ns-winioctl-usn_record_v2
Re-Introducing $UsnJrnl
http://journeyintoir.blogspot.com/2013/01/re-introducing-usnjrnl.html
NTFS $UsnJrnl Parser
https://www.guidancesoftware.com/app/NTFS-UsnJrnl-Parser
Security Braindump
http://www.securitybraindump.com/2011/07/dear-diary-today-i-was-infected-with.html