-
Notifications
You must be signed in to change notification settings - Fork 274
ForensicTimeline Class
Jared Atkinson edited this page Nov 5, 2015
·
7 revisions
public class ForensicTimeline
{
// Properties
public readonly DateTime Date;
public readonly string ActivityType;
public readonly string Source;
public readonly string User;
public readonly string ComputerName;
public readonly string FileName;
public readonly uint Index;
public readonly string Comment;
// Static Methods
public static ForensicTimeline Get(Amcache input)
public static ForensicTimeline[] GetInstances(Amcache[] input)
public static ForensicTimeline[] Get(Prefetch input)
public static ForensicTimeline[] GetInstances(Prefetch[] input)
public static ForensicTimeline Get(ScheduledJob input)
public static ForensicTimeline[] GetInstances(ScheduledJob[] input)
public static ForensicTimeline Get(UserAssist input)
public static ForensicTimeline[] GetInstances(UserAssist[] input)
public static ForensicTimeline[] Get(FileRecord input)
public static ForensicTimeline[] GetInstances(FileRecord[] input)
public static ForensicTimeline Get(UsnJrnl input)
public static ForensicTimeline[] GetInstances(UsnJrnl[] input)
public static ForensicTimeline Get(NamedKey input)
public static ForensicTimeline[] GetInstances(NamedKey[] input)
public static string ToFriendlyString(ACTIVITY_TYPE type)
}Date -
ActivityType -
Source -
User -
ComputerName -
FileName -
Index -
Comment -
| Name | Description |
|---|---|
| Get(Amcache) | |
| GetInstances(Amcache[]) | |
| Get(Prefetch) | |
| GetInstances(Prefetch[]) | |
| Get(ScheduledJob) | |
| GetInstances(ScheduledJob[]) | |
| Get(UserAssist) | |
| GetInstances(UserAssist[]) | |
| Get(FileRecord) | |
| GetInstances(FileRecord[]) | |
| Get(UsnJrnl) | |
| GetInstances(UsnJrnl[]) | |
| Get(NamedKey) | |
| GetInstances(NamedKey[]) | |
| ToFriendlyString(ACTIVITY_TYPE) |
Getting Started
- PowerForensics
- PowerForensics.Artifacts
- PowerForensics.Ntfs
- PowerForensics.Formats
- PowerForensics.Registry
- PowerForensics.Utilities
Cmdlets
- ConvertTo-ForensicTimeline
- Copy-ForensicFile
- Get-ForensicAlternateDataStream
- Get-ForensicAmcache
- Get-ForensicAttrDef
- Get-ForensicBitmap
- Get-ForensicBootSector
- Get-ForensicChildItem
- Get-ForensicContent
- Get-ForensicEventLog
- Get-ForensicFileRecord
- Get-ForensicFileRecordIndex
- Get-ForensicFileSlack
- Get-ForensicGuidPartitionTable
- Get-ForensicMasterBootRecord
- Get-ForensicMftSlack
- Get-ForensicNetworkList
- Get-ForensicPartitionTable
- Get-ForensicPrefetch
- Get-ForensicRegistryKey
- Get-ForensicRegistryValue
- Get-ForensicScheduledJob
- Get-ForensicSid
- Get-ForensicTimeline
- Get-ForensicTimezone
- Get-ForensicUnallocatedSpace
- Get-ForensicUserAssist
- Get-ForensicUsnJrnl
- Get-ForensicUsnJrnlInformation
- Get-ForensicVolumeBootRecord
- Get-ForensicVolumeInformation
- Get-ForensicVolumeName
- Invoke-ForensicDD