
Reading MFT


Here it is!  StCroixSkipper's USN Journal Explorer version 1.0.

I would post the code here but it would take three or four posts.  You can get the code at http://www.dreamincode.net/forums/blog/1017/entry-2502-stcroixskippers-usn-journal-explorer-10/ where I've attached a zip file with all of the source.

The UI is written in WPF and consists of a column of buttons that allows you to select a volume, Query, Create, Delete, Save State, View Changes, and List Folders. In the right hand pane, I display information in a listbox. Typically the listbox contains folder entries from the Master File Table (List Folders) or USN Journal entries and displays the file or folder name.  You can see the detail by clicking or selecting an entry.  I display a simple window with the detail about the entry formatted for readability.

I haven't written the code to build the fully qualified path name given a File Reference Number yet and there is one hitch.  It is possible to be working on one entry whose Parent File Reference Number belongs to a folder that has already been deleted but the entry for the deleted folder is downstream in the USN Journal.  I'm working on that.

Most of the buttons are self-explanatory.  But in order to view the changes to a volume (i.e. the USN Journal entries) you need to have a 'previous' state, then some changes to the volume.  You'll need to 'Save State', then force some changes to the volume, then 'View Changes'.  I typically bring up another development environment, 'Save State' then clean or rebuild a project and then view changes.

Also, you'll get an 'Access is denied' exception unless you have admin rights.  I haven't added code to elevate privileges yet.

There are a couple of bugs I haven't tracked down. I'm running Vista with indexing on. What I've discovered is that if I delete the USN Journal, it almost immediately is recreated by some other process running on my machine.  I think it is the indexer.

The important class is NtfsUsnJournal. I'd like comments.  I've tried to expose most of the functionality of the USN Journal while masking the complexity of actually accessing the data.  I can add functions that make it even simpler to identify just changes to files and directories, adds, deletes, and changes.

If you can improve the code, I'm open to suggestions.

The application could certainly be improved but it is secondary to the NtfsUsnJournal class but feel free to comment.

Also, this is a work in progress but there may be a better forum to continue this.  I'm open to suggestions.


StCroixSkipper
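
An added illustration of the path-building problem described in the post (not StCroixSkipper's code and not part of the NtfsUsnJournal class), in Python: it parses raw USN_RECORD_V2 structures and resolves Parent File Reference Numbers in two passes, so a folder whose delete record appears later in the journal can still name its children. The function names, the sample FRNs and the root FRN value are assumptions made for the example, and the buffer is assumed to hold records only, without the leading next-USN value that FSCTL_READ_USN_JOURNAL returns.

```python
import struct
from collections import namedtuple
HDR = struct.Struct("<IHHQQqqIIIIHH")   # USN_RECORD_V2 fixed header, 60 bytes
DIRECTORY, FILE_DELETE = 0x10, 0x200    # FILE_ATTRIBUTE_DIRECTORY, USN_REASON_FILE_DELETE
ROOT = 0x0005000000000005               # assumed root-folder FRN for the constructed sample
Rec = namedtuple("Rec", "frn parent usn reason attrs name")

def parse_records(buf):
    off = 0
    while off + HDR.size <= len(buf):
        (length, major, _, frn, parent, usn, _, reason,
         _, _, attrs, nlen, noff) = HDR.unpack_from(buf, off)
        if major != 2 or length < HDR.size or off + length > len(buf):
            break  # padding, truncation, or a record version not handled here
        name = buf[off + noff:off + noff + nlen].decode("utf-16-le")
        yield Rec(frn, parent, usn, reason, attrs, name)
        off += length

def build_dir_index(mft_dirs, records):  # pass 1: journal folders first, live MFT folders win
    journal = {r.frn: (r.parent, r.name) for r in records if r.attrs & DIRECTORY}
    return {**journal, **mft_dirs}

def full_path(rec, index, root=ROOT):
    parts, frn, seen = [rec.name], rec.parent, set()
    while frn != root:                   # pass 2: walk parent FRNs up to the root
        if frn in seen or frn not in index:
            parts.append("<unresolved:%#x>" % frn)  # unknown parent or a loop
            break
        seen.add(frn)
        frn, name = index[frn]
        parts.append(name)
    return "\\" + "\\".join(reversed(parts))

def pack(frn, parent, usn, reason, attrs, name):  # one constructed, 8-byte-aligned record
    nb = name.encode("utf-16-le")
    length = (HDR.size + len(nb) + 7) & ~7
    hdr = HDR.pack(length, 2, 0, frn, parent, usn, 0, reason, 0, 0, attrs, len(nb), HDR.size)
    return (hdr + nb).ljust(length, b"\0")

def resolve_all(buf, mft_dirs):
    recs = list(parse_records(buf))
    index = build_dir_index(mft_dirs, recs)
    return [full_path(r, index) for r in recs]

# Constructed sample: app.obj is deleted before its folder "build"; only "proj" is left in the MFT.
PROJ, BUILD = 0x0001000000000030, 0x0001000000000031
SAMPLE = (pack(0x0001000000000032, BUILD, 100, FILE_DELETE, 0x20, "app.obj")
          + pack(BUILD, PROJ, 180, FILE_DELETE, DIRECTORY, "build"))
MFT_DIRS = {PROJ: (ROOT, "proj")}
```

Folders known only from the journal keep the last name the journal shows for them, so a rename earlier in the journal is not reflected in paths for older records.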
