FileRecord Class

Syntax

public class FileRecord
{
    // Properties
    public readonly string VolumePath;
    public readonly ulong LogFileSequenceNumber;
    public readonly ushort SequenceNumber;
    public readonly ushort Hardlinks;
    public readonly bool Deleted;
    public readonly bool Directory;
    public readonly uint RealSize;
    public readonly uint AllocatedSize;
    public readonly ulong ReferenceToBase;
    public readonly uint RecordNumber;
    public readonly Attr[] Attribute;
    public readonly DateTime ModifiedTime;
    public readonly DateTime AccessedTime;
    public readonly DateTime ChangedTime;
    public readonly DateTime BornTime;
    public readonly StandardInformation.ATTR_STDINFO_PERMISSION Permission;
    public readonly string FullName;
    public readonly string Name;
    public readonly ushort ParentSequenceNumber;
    public readonly ulong ParentRecordNumber;
    public readonly DateTime FNModifiedTime;
    public readonly DateTime FNAccessedTime;
    public readonly DateTime FNChangedTime;
    public readonly DateTime FNBornTime;

    // Static Methods
    public static FileRecord Get(string path, bool fast)
    public static FileRecord Get(string volume, int index, bool fast)
    public static FileRecord[] GetInstances(string volume)
    public static FileRecord[] GetInstancesByPath(string path)
    public static byte[] GetRecordBytes(string path)
    public static byte[] GetRecordBytes(string volume, int index)

    // Instance Methods
    public byte[] GetContent()
    public byte[] GetContent(string StreamName)
    public void CopyFile(string Destination)
    public void CopyFile(string Destination, string StreamName)
    public IndexEntry[] GetChild()
    public FileRecord GetParent()
    public UsnJrnl GetUsnJrnl()
    public byte[] GetSlack()
    public byte[] GetMftSlack()
    public string GetHash(string algorithm)
    public string GetHash(string algorithm, string stream)
    
    // Override Methods
    public override string ToString()
}

Properties

VolumePath - LogFileSequenceNumber - SequenceNumber - Hardlinks - Deleted - Directory - RealSize - AllocatedSize - ReferenceToBase - RecordNumber - Attribute - ModifiedTime - AccessedTime - ChangedTime - BornTime - Permission - FullName - Name - ParentSequenceNumber - ParentRecordNumber - FNModifiedTime - FNAccessedTime - FNChangedTime - FNBornTime -

Methods

Name	Description
Get(string, bool)
Get(string, int, bool)
GetInstances(string)
GetInstancesByPath(string)
GetRecordBytes(string)
GetRecordBytes(string, int)
GetContent()
GetContent(string)
CopyFile(string)
CopyFile(string, string)
GetChild()
GetParent()
GetUsnJrnl()
GetSlack()
GetMftSlack()
GetHash(string)
GetHash(string, string)
ToString()

Home

Getting Started

Installation

Documentation

PowerForensics
PowerForensics.Artifacts
- AlternateDataStream
- Amcache
- NetworkList
- Prefetch
- ScheduledJob
- Sid
- Timezone
- UserAssist
PowerForensics.Ntfs
- Attr
- AttrDef
- AttributeList
- AttrRef
- BadClus
- Bitmap
- Data
- DataRun
- FileName
- FileRecord
- IndexAllocation
- IndexEntry
- IndexRoot
- MasterFileTable
- NonResident
- ObjectId
- StandardInformation
- UsnJrnl
- UsnJrnlDetail
- Volume
- VolumeBootRecord
- VolumeInformation
- VolumeName
PowerForensics.Formats
- ForensicTimeline
- HexDump
PowerForensics.Registry
- Cell
- HashedLeaf
- Helper
- Leaf
- List
- NamedKey
- OffsetRecord
- RegistryHeader
- SecurityDescriptor
- SecurityKey
- ValueKey
- ValuesList
PowerForensics.Utilities
- DD
- Rot13

Cmdlets

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FileRecord Class

Syntax

Properties

Methods

Clone this wiki locally