The article presents a clustering method for identifying file impacts, for use in information security incident investigation. The method is based on the k-means clustering algorithm combined with an adapted algorithm for automatically determining the optimal number of clusters. A precisely determined number of clusters makes it possible to group the data so that it describes file impacts. The article discusses the process of preparing input data obtained from $UsnJrnl volume change journal records, as well as an algorithm for identifying complex file impacts based on searching for relationships between clusters. The proposed method is largely automated, which allows the specialist investigating an information security incident to speed up the identification and elimination of the incident's consequences.
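The pipeline the abstract describes, as an added example that is not the paper's code: simplified $UsnJrnl-style records (constructed sample data, not a real journal) are featurised as a normalised timestamp plus one-hot reason flags, k-means is run for a range of cluster counts, and the count is chosen automatically. The abstract does not say how the paper's adapted cluster-number algorithm works, so the silhouette score is used here as an assumed stand-in; the deterministic farthest-point initialisation, the four reason flags modelled and the "clusters that touch the same file are linked" rule for complex impacts are likewise assumptions of this example.

```python
"""Added example: clustering $UsnJrnl-style records into file impacts.

Assumed pipeline (not the paper's exact algorithm):
  1. featurise USN records (normalised time + one-hot reason flags),
  2. run k-means for k = 2..K_MAX and pick k by silhouette score,
  3. link clusters that touch the same file to surface complex impacts.
Standard library only, so it runs offline.
"""
from collections import defaultdict
import math

# Reason flags modelled here; a real $UsnJrnl carries many more USN_REASON_* values.
REASONS = ["FILE_CREATE", "DATA_EXTEND", "RENAME_NEW_NAME", "FILE_DELETE"]

# Constructed sample records (not real journal data): (usn, time_s, file_ref, reason).
# Three bursts: creates of f1..f5, renames of f1..f3 plus f6,f7, writes to unrelated f8..f12.
SAMPLE_RECORDS = (
    [(i, float(i), f"f{i + 1}", "FILE_CREATE") for i in range(5)]
    + [(10 + i, 100.0 + i, name, "RENAME_NEW_NAME")
       for i, name in enumerate(["f1", "f2", "f3", "f6", "f7"])]
    + [(20 + i, 200.0 + i, f"f{8 + i}", "DATA_EXTEND") for i in range(5)]
)


def featurise(records):
    """One feature vector per record: time scaled to [0, 1] followed by one-hot reason."""
    t_max = max(r[1] for r in records) or 1.0
    return [[t / t_max] + [1.0 if reason == r else 0.0 for r in REASONS]
            for _usn, t, _ref, reason in records]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, max_iter=100):
    """Lloyd's k-means with deterministic farthest-point initialisation (assumed choice)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(_dist(p, c) for c in centroids)))
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: _dist(p, centroids[j])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its previous centroid
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centroids


def silhouette(points, labels):
    """Mean silhouette score; singletons contribute 0 by convention."""
    clusters = defaultdict(list)
    for i, lab in enumerate(labels):
        clusters[lab].append(i)
    if len(clusters) < 2:
        return -1.0
    total = 0.0
    for i, p in enumerate(points):
        own = [j for j in clusters[labels[i]] if j != i]
        if not own:
            continue
        a = sum(_dist(p, points[j]) for j in own) / len(own)
        b = min(sum(_dist(p, points[j]) for j in idx) / len(idx)
                for lab, idx in clusters.items() if lab != labels[i])
        total += (b - a) / max(a, b)
    return total / len(points)


def choose_k(points, k_max=5):
    """Automatic cluster-count selection: best silhouette over k = 2..k_max (assumed criterion)."""
    best = None
    for k in range(2, min(k_max, len(points) - 1) + 1):
        labels, _ = kmeans(points, k)
        score = silhouette(points, labels)
        if best is None or score > best[0]:
            best = (score, k, labels)
    return best[1], best[2]


def link_clusters(records, labels):
    """Clusters touching the same file are candidate parts of one complex file impact."""
    files_per_cluster = defaultdict(set)
    for (_usn, _t, ref, _reason), lab in zip(records, labels):
        files_per_cluster[lab].add(ref)
    ids = sorted(files_per_cluster)
    links = {}
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            shared = files_per_cluster[a] & files_per_cluster[b]
            if shared:
                links[(a, b)] = sorted(shared)
    return links


def analyse(records):
    """Full pipeline: returns (chosen k, per-record cluster labels, linked cluster pairs)."""
    k, labels = choose_k(featurise(records))
    return k, labels, link_clusters(records, labels)


if __name__ == "__main__":
    k, labels, links = analyse(SAMPLE_RECORDS)
    print(f"chosen k = {k}")
    for (usn, t, ref, reason), lab in zip(SAMPLE_RECORDS, labels):
        print(f"  cluster {lab}: usn={usn:<3} t={t:6.1f} {ref:<4} {reason}")
    for (a, b), shared in links.items():
        print(f"clusters {a} and {b} touch the same files {shared}: candidate complex impact")
```

On the constructed data the three bursts form three clusters, and only the create burst and the rename burst share files (f1..f3), so they are reported as one linked, complex impact while the unrelated writes stay isolated. In practice the feature set would be richer (path depth, extension, process attribution where available) and the journal would be parsed from the raw USN_RECORD structures rather than from tuples.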
Translated title of the contribution: A Clustering Method for Identifying File Impacts Based on the K-Means Algorithm Used in Information Security Incidents Investigation
Original language: Russian
Pages (from-to): 35-47
Number of pages: 13
Journal: Вестник УрФО. Безопасность в информационной сфере (Bulletin of the Ural Federal District. Security in the Information Sphere)
Issue number: 1 (35)
Publication status: Published - 2020

GRNTI: 81.93.00

Level of Research Output: VAK List

ID: 13189617