Thursday, July 12, 2018

Finding the path to a file mentioned in the USN journal

One user was going through the output of fsutil usn readjournal and wondered what the "file ID" and "parent file ID" rows meant. The output of that command appears to correspond (with the rows printed in a somewhat different order) to the USN_RECORD_V3 structure of the Windows API. The IDs shown are NTFS object identifiers, and either one can be converted to a full path on the volume with fsutil file queryFileNameById. For example:

fsutil file queryFileNameById C:\ 0x0000000000000000001200000019ab0e
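As an added example that is not part of the original post, the following Python parses the "File ID" and "Parent file ID" rows out of a constructed sample of fsutil usn readjournal output (the exact column layout is assumed, since the page does not show it), builds the queryFileNameById command above for each unique ID, and additionally splits the low 64 bits of each ID into its MFT record and sequence numbers, which the post does not cover.

```python
import re

# Constructed sample of `fsutil usn readjournal C:` output (not captured from a
# real system); the fields mirror the USN_RECORD_V3 layout the post mentions.
SAMPLE_OUTPUT = """\
Usn               : 2260992
File name         : report.docx
Reason            : 0x00000002: Data extend
Time stamp        : 7/12/2018 9:41:07 AM
File ID           : 0000000000000000001200000019ab0e
Parent file ID    : 00000000000000000005000000000005

Usn               : 2261088
File name         : report.docx
Reason            : 0x80000002: Data extend | Close
Time stamp        : 7/12/2018 9:41:08 AM
File ID           : 0000000000000000001200000019ab0e
Parent file ID    : 00000000000000000005000000000005
"""

# Non-greedy key so values that themselves contain ':' (e.g. Reason) survive.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.*)$")


def parse_usn_records(text):
    """One dict per record; fsutil separates records with a blank line."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (FIELD_RE.match(line) for line in block.splitlines())
        records.append({m.group("key").strip(): m.group("value").strip()
                        for m in fields if m})
    return records


def decode_file_id(hex_id):
    """(MFT record number, sequence number) from a 128-bit NTFS file ID.
    NTFS uses only the low 64 bits: a 48-bit MFT index plus a 16-bit sequence
    number that is incremented each time the MFT entry is reused."""
    low64 = int(hex_id, 16) & ((1 << 64) - 1)
    return low64 & ((1 << 48) - 1), low64 >> 48


def ids_to_resolve(records):
    """Unique file and parent IDs, so each is passed to fsutil only once."""
    return sorted({r[k] for r in records for k in ("File ID", "Parent file ID") if k in r})


def lookup_command(volume, hex_id):
    """The fsutil invocation from the post that maps an ID to its current path.
    It succeeds only while the MFT entry still exists; once a parent directory
    is deleted, the record's own 'File name' is all the journal keeps."""
    return f"fsutil file queryFileNameById {volume} 0x{int(hex_id, 16):032x}"
```

Running the generated commands (on the Windows host that owns the volume) is left to the reader, so the script itself stays offline.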
