:py:mod:`dissect.ntfs.usnjrnl`
==============================

.. py:module:: dissect.ntfs.usnjrnl


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.ntfs.usnjrnl.UsnJrnl
   dissect.ntfs.usnjrnl.UsnRecord




.. py:class:: UsnJrnl(fh: BinaryIO, ntfs: Optional[dissect.ntfs.ntfs.NTFS] = None)


   Parse the USN journal from a file-like object of the ``$UsnJrnl:$J`` stream.

   :param fh: A file-like object of the $UsnJrnl:$J stream.
   :param ntfs: An optional :class:`~dissect.ntfs.ntfs.NTFS` class instance, used for resolving file paths.

   .. py:method:: records() -> Iterator[UsnRecord]

      Yield all parsed USN records.

      Only yields version 2 USN records, other record versions are ignored.



.. py:class:: UsnRecord(usnjrnl: UsnJrnl, fh: BinaryIO, offset: int)


   Parse a USN record from a file-like object and offset.

   :param usnjrnl: The :class:`UsnJrnl` class this record is parsed from.
   :param fh: The file-like object to parse a USN record from.
   :param offset: The offset to parse a USN record at.

   .. py:property:: timestamp
      :type: datetime.datetime


   .. py:property:: timestamp_ns
      :type: int


   .. py:method:: __repr__() -> str

      Return repr(self).


   .. py:method:: __getattr__(attr: str) -> Any


   .. py:method:: file() -> Optional[dissect.ntfs.mft.MftRecord]


   .. py:method:: parent() -> Optional[dissect.ntfs.mft.MftRecord]


   .. py:method:: full_path() -> str