The search for files – Part 1

This time I will go back to the topic of using the QuickIO.Net library.
You may have read my earlier post but for those who haven’t you can find it here:

Using QuickIO.Net with Powershell

I’ve decided to make this a multipart post as it would be quite large for one single post.
But let’s begin with a little background.

The original post was really about using QuickIO.Net for generic file searches, but without some of the limitations of the built-in cmdlets in Windows/Powershell.
The main one is the limit of 260 characters in the path.
A lot of Windows/Powershell programs and cmdlets can’t deal with paths of more than 260 characters.

In the original post I mentioned my reason for using QuickIO.Net, which was that a client of mine had a crypto locker type event but the paths had more than 260 characters. So I had to come up with another solution to check the file shares for a random 6 character extension.

After that post I mentioned it to people in forums and in Facebook groups with similar events. But the original post didn’t really include any handling of the results except what I had to use, which was the check for files with a 6 character extension.

As a result there were discussions and comments around using it for other/extended scenarios.
In the comments section of the original post you can find an example of how Svein Erik solved his scenario, including automation of restoring the files that were found.

To expand on the original post I’ve created some new functions with some ideas around the processing part of the file search result. In the beginning the idea was to base this around the crypto locker type searches.
But I soon came to the conclusion, why limit this to just that particular use case?
The same functions could be used for any type of file search where you want to filter on the extension and/or signature. You can find the link to the PowerShell module and manifest in the third part of this series.

Anyway, the new functions that I’ve added are:

Get-FilteredFileList: Will create the list of the files that you want; this is the “orchestrator” of generating the result.
Search-FileExtension: Is a helper function to filter the contents during the list generation, based on the settings used.
Test-FileMatch: Is a helper function just to determine if the extension is a match or not.
Test-FileSignature: Will see if the signature of the file is correct depending on the signature you’ve entered in the call to Get-FilteredFileList.
Get-FileSignature: Will give you the signature from an example file that you provide the path to.
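
As an added illustration (not code from the module or from the original post), the PowerShell below shows the two checks the list describes: matching a six-character extension and comparing a file's leading bytes to an expected signature. The function names are hypothetical, the sample files are constructed, and it uses plain .NET file APIs rather than QuickIO.Net, so it does not handle paths over 260 characters.

```powershell
# Added example: hypothetical helpers, not the functions from the author's module.
# Plain .NET file APIs are used, so the 260-character path limit still applies here.

function Get-ExampleFileSignature {
    # Returns the first $ByteCount bytes of a file as a hex string (e.g. "25504446").
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$ByteCount = 4
    )
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buffer = New-Object byte[] $ByteCount
        $read = $stream.Read($buffer, 0, $ByteCount)
        # Files shorter than $ByteCount yield a shorter (possibly empty) string.
        return ([System.BitConverter]::ToString($buffer, 0, $read) -replace '-', '')
    }
    finally { $stream.Dispose() }
}

function Test-ExampleSixCharExtension {
    # True when the final extension is exactly six letters or digits, e.g. ".k3x9qz".
    param([Parameter(Mandatory)][string]$Path)
    return [System.IO.Path]::GetExtension($Path) -match '^\.[A-Za-z0-9]{6}$'
}

function Test-ExampleFileSignature {
    # True when the file starts with the expected signature (even-length hex string).
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Signature
    )
    $actual = Get-ExampleFileSignature -Path $Path -ByteCount ($Signature.Length / 2)
    return $actual -eq $Signature
}

# Constructed sample files: one with a PDF header, one with arbitrary bytes
# and an appended six-character extension.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'sig-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $dir 'report.pdf'), [byte[]](0x25,0x50,0x44,0x46,0x2D,0x31))
[System.IO.File]::WriteAllBytes((Join-Path $dir 'invoice.pdf.k3x9qz'), [byte[]](0x8F,0x1C,0xA2,0x07,0x55,0xE0))

Get-ChildItem -Path $dir -File | ForEach-Object {
    [pscustomobject]@{
        Name         = $_.Name
        SixCharExt   = Test-ExampleSixCharExtension -Path $_.FullName
        Signature    = Get-ExampleFileSignature -Path $_.FullName
        LooksLikePdf = Test-ExampleFileSignature -Path $_.FullName -Signature '25504446'
    }
}
```

Combining both checks matters because an extension match alone also flags legitimate files that happen to have six-character extensions, while the signature shows whether the content still begins with the bytes its original type requires.
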

I’ll explain in more detail what these functions do in the next couple of posts.
With that I’ll end this post here, as it’s time to start looking at the functions.

See you in the next part.
