Daily Blog #241: USN Journals on Removable Drives? Awesome!

Hello Reader,
             Just a quick one today to talk about something we've seen twice now in the lab. Removable drives aka external storage devices that are formatted NTFS and have USN Journals. I am still trying to determine what criteria causes these USN Journals to appear, but let me tell you I'm very happy when they are.


If you are working a case and need to determine what files were accessed from an external drive, but don't have the computer it was connected to, the USN is your best friend. In both of these cases we where able to say for the dates contained within the USN Journal what files had been accessed and how many times! That's huge for our work and something you should be looking for in the future.

I'm going to put the lab to work on discovering why these USN Journals are appear but I am very grateful that they do!

