jp is a command-line tool that targets NTFS change log journals. The change journal is a component of NTFS that will, when enabled, record changes made to files.
The change journal records, among other things: (a) the time of the change, (b) the affected file/directory, and (c) the change type (e.g. delete, rename, size extend, etc.), and is therefore useful when examining a computer forensically. Each entry is of variable size, and its internal structure is documented on MSDN.
Microsoft provides tools to look at/affect the change journal as well as a published API to programmatically read from and write to the change log. jp, however, doesn't make use of this Windows API; it does the parsing by traversing the raw structures. This allows jp to be compiled for use on other operating systems to parse the change journal as a component in a forensic toolkit.
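To illustrate what traversing the raw structures involves, the following added example (not jp's code) walks a buffer of variable-size entries without any Windows API. It assumes the version 2 record layout from Microsoft's USN_RECORD_V2 documentation; the function names and the sample bytes are constructed for the illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Fixed 60-byte USN_RECORD_V2 header, little-endian (assumed layout, per Microsoft's docs)
HEADER = struct.Struct("<IHHQQQQIIIIHH")
REASONS = {0x1: "DATA_OVERWRITE", 0x2: "DATA_EXTEND", 0x4: "DATA_TRUNCATION",
           0x100: "FILE_CREATE", 0x200: "FILE_DELETE",
           0x1000: "RENAME_OLD_NAME", 0x2000: "RENAME_NEW_NAME",
           0x80000000: "CLOSE"}  # subset of the USN_REASON_* flags
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def parse_usn_v2(buf):
    """Walk raw USN_RECORD_V2 entries, skipping zeroed or implausible slots."""
    out, pos = [], 0
    while pos + HEADER.size <= len(buf):
        (length, major, _minor, fref, pref, usn, ts, reason,
         _src, _sid, _attrs, name_len, name_off) = HEADER.unpack_from(buf, pos)
        # Never trust on-disk lengths: validate before slicing, else resync on
        # the next 8-byte boundary (records are 8-byte aligned).
        if (length < HEADER.size or length % 8 or major != 2
                or pos + length > len(buf)
                or name_off < HEADER.size or name_off + name_len > length):
            pos += 8
            continue
        raw_name = buf[pos + name_off: pos + name_off + name_len]
        out.append({
            "usn": usn,
            "time": EPOCH + timedelta(microseconds=ts // 10),  # 100 ns ticks
            "name": raw_name.decode("utf-16-le", "replace"),
            "mft_entry": fref & 0xFFFFFFFFFFFF,    # low 48 bits; high 16 = sequence
            "parent_entry": pref & 0xFFFFFFFFFFFF,
            "reasons": [n for bit, n in REASONS.items() if reason & bit],
        })
        pos += length
    return out

def build_record(name, usn, filetime, reason):
    """Constructed sample record for this demo; not captured from a real volume."""
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7     # pad to 8-byte alignment
    hdr = HEADER.pack(length, 2, 0, 0x0001000000000064, 0x0005000000000005,
                      usn, filetime, reason, 0, 0, 0x20, len(raw), HEADER.size)
    return (hdr + raw).ljust(length, b"\0")

# Constructed input: zero padding, then a create and a delete+close of one file
SAMPLE = (b"\0" * 16
          + build_record("report.docx", 4096, 132223104000000000, 0x100)
          + build_record("report.docx", 4184, 132223104000000000, 0x80000200))

if __name__ == "__main__":
    for rec in parse_usn_v2(SAMPLE):
        print(rec["usn"], rec["time"].isoformat(), rec["name"], rec["reasons"])
```

The bounds checks matter for forensic use: journal data carved from unallocated space or a damaged image can contain truncated or overwritten entries, and a parser that follows their length fields blindly will misread or crash.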