What is the "USN Journal"? It is "Update Sequence number Journal". It records changes in the NTFS volume. The scenario is about Bomb threat. I use X-ways forensics to parse USN Journal and the screenshot below are the parsing result. You could see the column name-"Timestamp", "Change Type", "File ID", "Attribue" and "Filename".
Where is the USN Journal? That ' s it. A Strange file whose name is $USNJml: $J. What is $J? It's so called ADS (Alternate Data Stream). Usually ADS would contain metadata of that file.
Let's take the first REOCRD of the screenshot for Examplie. The file "bombs made. lnk" created means suspect did double click the folder "Bomb made" and the timestamp was 2013/12/16 21:50:41. The other records also had something to does with "Bomb" at 2013/12/16 21:50. So we could know that suspect do access those folders and files that time, and no doubt those files and folders did exist At that time. Look into the USN parsing result and we could get a whole picture of "Timeline".
Windows USN Journal Parsing