Scripts/Get-UsnJournal.ps1

Function Get-UsnJournal {
    [OutputType('System.Journal.UsnJournal')]
    Param ($DriveLetter = 'C:')
    $JournalData = New-Object USN_JOURNAL_DATA
    [long]$dwBytes=0
    $VolumeHandle = OpenUSNJournal -DriveLetter $DriveLetter
    If ($VolumeHandle -AND $VolumeHandle -ne -1) {
        $return = [PoshChJournal]::DeviceIoControl(
            $VolumeHandle,
            [EIOControlCode]::FSCTL_QUERY_USN_JOURNAL,
            [ref]$Null,
            0,
            [ref]$JournalData,
            [System.Runtime.InteropServices.Marshal]::SizeOf([type][USN_JOURNAL_DATA]),
            [ref]$dwBytes,
            [intptr]::Zero
        )
        If ($Return) {
            $JournalData.pstypenames.insert(0,'System.Journal.UsnJournal')
            $JournalData
        }
    } Else {
        Write-Warning "Unable to get handle of volume <$($DriveLetter)>!"
    }
}