Note:I translated Japanese into English using Google Translate.
Thank you, Google.

A little while ago I learned that ReFS supports the USN Journal.

How do I check the USN Journal on ReFS?

Format E: drive with ReFS.

Start the administrator command prompt. Check the status of USN Journal with fsutil command.

For some reason, access is denied. Also I could confirm that USN journal is not valid.

Enable USN Journal. However, the queryjournal option is access denied.

Create the Pictures folder and read the USN Journal. The readjournal command worked.(also tried the CSV option)

Copy example.jpg to the Pctures folder and browse.

Since ReFS does not support ObjectID, ObjectID is not set.

NTFS ADS is supported. Perhaps the USN Journal also exists as $J?

So how do I get USN Journal data on ReFS in RAW format?

<add>

I exported the area of ReFS and tried Carving. Unfortunately, no USN record was found.

Verification environment: Windows 10 1083

Reference URL:

https://en.wikipedia.org/wiki/ReFS

https://www.jpcert.or.jp/present/2018/JSAC2018_03_yamazaki.pdf

Bulk Extractor with Record Carving | Forensicist