USN Parser is an open-source tool for analysing the Windows NTFS USN Journal ($UsnJrnl:$J) and the Master File Table ($MFT) directly in the browser. It exists because forensic artefacts are sensitive by nature and have no business being uploaded to a SaaS just to be parsed.
How it works
The parser is a small Rust crate — built on Airbus CERT's usnrs — compiled to WebAssembly. Drop a $J file (and optionally an $MFT) into the page, and the records come back as structured rows. The full code path runs in a Web Worker on your device. Nothing is uploaded.
Who maintains it
USN Parser is published by Cyber Experts, a French cybersecurity consultancy specialising in incident response and digital forensics. The source code is on GitHub under the Apache 2.0 license. Issues and pull requests are welcome.
- Repository: github.com/Cyber-Experts/usn-parser
- License: Apache-2.0
- Languages: 8 (English, French, Spanish, German, Italian, Portuguese, Japanese, Chinese)
- Stack: Next.js, React, Rust, WebAssembly
What this site is not
It is not a forensic suite — it has no acquisition or imaging capabilities. It does not store, log, or transmit the contents of files you analyse with it. If you need a full Windows triage platform, look at Velociraptor or KAPE. If you need an MFT-only parser, MFTECmd from Eric Zimmerman is the de-facto reference.
USN Parser is the missing piece for one specific job: getting from a carved $J to a queryable, filterable, exportable list of records, without leaving the browser.