JParser was originally developed in C to parse USN Journal files ($J) on Linux and has since been rewritten in Swift 4. Use it as is. It supports Linux (Ubuntu) and macOS. It was tested before this release; however, please feel free to reach out to me if you find any bugs.
0.3.0
Usage: jparser [-h] [-w OUTPUT_FILE] [JOURNAL_FILE]
Options:
-h, --help Show this help message
-w, --write OUTPUT_FILE Write the journal data in a file
jparser -w output.csv J
L2TCSV
- Ubuntu 16.04 x64 (tested)
- macOS High Sierra (tested)
It may work on other Ubuntu versions, but testing is required to confirm this.
Ubuntu: Latest Swift 4.2 libraries (https://swift.org/download/).
- Download the Swift 4.2 package that matches your Ubuntu version.
- Unpack the package.
- In the unpacked package, the library files (*.so) can be found in "/usr/lib/swift/linux".
- Copy them to /usr/lib or other shared library folders. Alternatively, define your own shared library folder for those files.
61506b4823bf35dde1f10fdf377038f5a55cc0ebf1dc767d6463e6a1759f9787 jparser-0.3.0-macOS.zip
e5e4f694cb4f8450d53fea496ca86ac5a7573b22c781e70a75cb110dd92c4a26 jparser-0.3.0-Ubuntu-x64.zip
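Added example (not part of the JParser project): a shell check of a downloaded 0.3.0 archive against the SHA-256 values listed above before it is unpacked and used. The function names are hypothetical, and it assumes `sha256sum` (Ubuntu) or `shasum` (macOS) is installed.

```shell
#!/bin/sh
# Published SHA-256 digests for the 0.3.0 archives, copied from this page.
expected_sha256() {
    case "$(basename "$1")" in
        jparser-0.3.0-macOS.zip)
            echo 61506b4823bf35dde1f10fdf377038f5a55cc0ebf1dc767d6463e6a1759f9787 ;;
        jparser-0.3.0-Ubuntu-x64.zip)
            echo e5e4f694cb4f8450d53fea496ca86ac5a7573b22c781e70a75cb110dd92c4a26 ;;
        *) return 1 ;;   # not one of the two release archives
    esac
}

# Compute the digest with whichever tool the platform ships.
actual_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1          # Ubuntu (coreutils)
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d ' ' -f 1      # macOS
    else
        return 1
    fi
}

# verify_jparser_archive FILE (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or has no
# published digest, 3 if no SHA-256 tool is available.
verify_jparser_archive() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 2; }
    want=$(expected_sha256 "$1") || { echo "no published digest for: $1" >&2; return 2; }
    got=$(actual_sha256 "$1") || { echo "no SHA-256 tool available" >&2; return 3; }
    if [ "$got" = "$want" ]; then
        echo "OK: $1"
        return 0
    fi
    echo "MISMATCH: $1 (got $got, expected $want)" >&2
    return 1
}

# Verify every archive named on the command line; stop at the first failure.
for f in "$@"; do
    verify_jparser_archive "$f" || exit 1
done
```

Keep the archive's original file name, since the expected digest is selected by name.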
- Currently, this tool only supports UTC.
- The date format is yyyy-mm-dd.
Apache License 2.0