├── README.md
├── image.png
├── result.png
└── script.ps1


/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # Description
 3 | The script helps you to find all modified, accessed, and created files in a range of time. 
 4 | All you need is to run the script with the Administrator's permission.
 5 | 
 6 | ![IMAGE1](https://github.com/3gbCyber/IR-Last-Write-Time/blob/main/image.png)
 7 | 
 8 | **Argument1:** Choose the path you want to search to files that modified, accessed, or created Ex. "C:\Users\"
 9 | 
10 | **Argument2:** Specify the type of your search, just write one of these (LastAccessTime, LastWriteTime, CreationTime)
11 | 
12 | **Argument3 & Argument4:** Choose the range date M/D/Y Ex. 11/1/22 11/25/22 
13 | 
14 | **Arguemnt5:** The output name Ex. C:\temp\Result.csv
15 | 
16 | Ex. I'm looking for files that had been modified from 1/12/22 3/12/22 in all C:\Users\ and want to save the result in C:\temp\
17 | 
18 | ```./run.ps1 C:\Users\ LastWriteTime 1/12/22 3/12/22 'C:\temp\result.csv'```
19 | 
20 | 
21 | # Ex. RESULT
22 | ![result](https://github.com/3gbCyber/IR-Last-Write-Time/blob/main/result.png)
23 | 
24 | 


--------------------------------------------------------------------------------
/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/3gbCyber/IR-Last-Write-Time/d960b3e1960812f02c2395a7a858b31b7bd0cc1b/image.png


--------------------------------------------------------------------------------
/result.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/3gbCyber/IR-Last-Write-Time/d960b3e1960812f02c2395a7a858b31b7bd0cc1b/result.png


--------------------------------------------------------------------------------
/script.ps1:
--------------------------------------------------------------------------------
 1 | $path = $args[0]
 2 | $type = $args[1]
 3 | $from = $args[2]
 4 | $to = $args[3]
 5 | $output = $args[4]
 6 | 
 7 | Get-ChildItem -Path $path -Force -Recurse -ev AccessErrors -ea silent `
 8 | | Select @{N="Owner";E={ (Get-Acl $_.FullName).Owner }}, Fullname, Length, LastAccessTime, LastWriteTime, CreationTime `
 9 | | ? {$_.$type -gt $from -AND $_.$type -lt $to} `
10 | | Export-Csv -Path $output -NoTypeInformation
11 | 


--------------------------------------------------------------------------------