EnCase v7 EnScript to parse USNJRNL

It's hard to believe its been almost six years since I wrote the original EnCase v6  EnScript to parse the $USNJRNL file for Windows XP (when enabled), just as Vista was hitting the scene. Here is the original post and information.

Someone recently contacted me about a version that works in EnCase v7, so I figured I would post the updated version for others. This version works the same as the version written for EnCase v6. It recurses through all the objects in the case and parses the $USNJRNL•$J file. The parsed entries are written to the console as well as to a CSV file created in the case export folder.

The reason codes for what caused the entries to appear in the USNJRNL are referenced here:
http://msdn.microsoft.com/en-us/library/aa365722(VS.85).aspx

Download EnCase v7 EnScript here