Get-BluGenieChildItemList

SYNOPSIS

Query for a list of files and folders that match a specific pattern

SYNTAX

Get-BluGenieChildItemList [[-SearchPath] <Object>] [-Recurse] [[-FilterType] <String>] [[-Pattern] <Object>] [-Remove] [[-StopWatchCounter] <Int32>] [[-SleepTimerSec] <Int32>] [[-Algorithm] <String>] [-Signature] 
[-Permissions] [-ShowProgress] [-ClearGarbageCollecting] [-UseCache] [[-CachePath] <String>] [-RemoveCache] [[-DBName] <String>] [[-DBPath] <String>] [-UpdateDB] [-ForceDBUpdate] [-NewDBTable] [-Walkthrough] 
[-ReturnObject] [-OutUnEscapedJSON] [-OutYaml] [[-FormatView] <String>] [<CommonParameters>]

DESCRIPTION

Query for a list of files and folders that match a specific pattern

Fastest search is based on the filter type set to "Name" this is default Slower search is based on all other filter type properties (Reference the Parameter FilterType to review)

EXAMPLES

EXAMPLE 1

Command: Get-BluGenieChildItemList -SearchPath C:\Temp -Recurse -Pattern '^notepad\.\w{3}$'

Description: Search C:\Temp and all sub directories for any file or directory named Notepad.*
Notes:

EXAMPLE 2

Command: Get-BluGenieChildItemList -SearchPath C:\Temp,C:\Trash,C:\Users -Recurse -Pattern '^notepad\.\w{3}$'

Description: Search multiple directories and all sub directories for any file or directory named Notepad.*.
Notes:

EXAMPLE 3

Command: Get-BluGenieChildItemList -SearchPath C:\Temp,C:\Trash,C:\Users -Recurse -Pattern '0e61079d3283687d2e279272966ae99d' -FilterType

HashDescription: Search multiple directories and the sub directories for a Hash value determined by the default Algorithm type of MD5
Notes:

EXAMPLE 4

Command: Get-BluGenieChildItemList -SearchPath C:\Windows -Pattern '^notepad\.\w{3}$' -Permissions -ShowStreamValue -Signature

Description: Query the C:\Windows dir for a file or directory named Notepad.* and return all associated Permissions, Alternate Data
Streams, and Signature information
Notes:

EXAMPLE 5

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse

Description: Search for all file(s) under (All Temp Locations for each user and the system) and sub directories
Notes:

EXAMPLE 6

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -UseCache

Description: Cache found objects to disk to not over tax Memory resources
Notes: By default the Cache location is %SystemDrive%\Windows\Temp

EXAMPLE 7

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -UseCache -RemoveCache

Description: Remove Cache data
Notes:

EXAMPLE 8

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -UseCache -CachePath $Env:Temp

Description: Change the Cache path to the current users Temp directory
Notes: By default the Cache location is %SystemDrive%\Windows\Temp

EXAMPLE 9

Command: Get-ChildItem -path $env:temp -File | Get-BluGenieChildItemList -SearchPath Temp -Recurse -UseCache -ClearGarbageCollecting

Description: Scan large directories and limit the memory used to track data
Notes:

EXAMPLE 10

Command: Get-BluGenieChildItemList -SearchPath 'Temp' -Recurse -FilterType NameIncludeAll -UpdateDB

Description: Search every user and system Temp directory for all normal file information including hash and save the return to a DB
Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles)  Example: C:\Program Files\BluGenie

EXAMPLE 11

Command: Get-BluGenieChildItemList -Help

Description: Call Help Information
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
Get-Help will be called with the -Full parameter

EXAMPLE 12

Command: Get-BluGenieChildItemList -WalkThrough

Description: Call Help Information [2]
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal
Get-Help will be called with the -Full parameter

EXAMPLE 13

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -OutUnEscapedJSON

Description: Return a detailed function report in an UnEscaped JSON format
Notes:  The OutUnEscapedJSON is used to Beautify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

EXAMPLE 14

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -OutYaml

Description: Return a detailed function report in YAML format
Notes:  The OutUnEscapedJSON is used to Beautify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

EXAMPLE 15

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -ReturnObject

Description: Return Output as a Object
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.
This parameter is also used with the ForMat

EXAMPLE 16

Command: Get-BluGenieChildItemList -SearchPath Temp -Recurse -ReturnObject -FormatView Yaml

Description: Output PSObject information in Yaml format
Notes:  Current formats supported by default are ('Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml', 'XML')
Default is set to (None) and normal PSObject.

PARAMETERS

SearchPath

-SearchPath <Object>
   Description: The path to start your search from
   Notes:
           If you specify "Temp" in the SearchPath field all the %SystemDrive%\Users\* Temp directories and the
           %SystemRoot%\Temp will be searched only.
   
           If you specify "AllUsers" in the SearchPath path all User Profiles from %SystemDrive%\Users will be
           prefixed to the rest of the path.
               Example:  -SearchPath 'AllUsers\AppData\Roaming'
   
               Output:     C:\Users\Administrator\AppData\Roaming
                           C:\Users\User1\AppData\Roaming
                           C:\Users\User2\AppData\Roaming
                           C:\Users\User3\AppData\Roaming
                           C:\Users\User4\AppData\Roaming
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    1
   Default value                $(Get-Location).Path
   Accept pipeline input?       false
   Accept wildcard characters?  false

Recurse

-Recurse [<SwitchParameter>]
   Description: Recurse through subdirectories
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

FilterType

-FilterType <String>
   Description:  Which property to filter by
   Notes:
           Filter Option = "Path"					-   Path Query with general file information
           Filter Option = "PathIncludeAll"        -   Path Query with extended file metadata
           Filter Option = "Name"                 	-   Name Query with general file information
           Filter Option = "NameIncludeAll"        -   Name Query with extended file metadata
           Filter Option = "Type"             		-   File Type Query with general file information
           Filter Option = "TypeIncludeAll"        -   File Type Query with extended file metadata
           Filter Option = "Hash"                  -   Hash Value Query with general file information
           Filter Option = "HashIncludeAll"		-	Hash Value Query with extended file metadata
           Filter Option = "ADS"					-	Alternate Data Stream Query (True Only) with general file information
           Filter Option = "ADSIncludeAll"		    -	Alternate Data Stream Query (True Only) with extended file metadata
   
           Default is a "Name" Query
   Alias:
   ValidateSet: 'Path','PathIncludeAll','Name','NameIncludeAll','Type','TypeIncludeAll','Hash','HashIncludeAll','ADS','ADSIncludeAll'
   
   Required?                    false
   Position?                    2
   Default value                Name
   Accept pipeline input?       false
   Accept wildcard characters?  false

Pattern

-Pattern <Object>
   Description: Search Pattern using RegEx
   Notes: Using -SearchHidden will convert the Pattern to RegEx Automatically but without the comma or
   the -SearchHidden the -Pattern is viewed as as a Command Console Search pattern.  You can use (*) wildcards.
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    3
   Default value                .*
   Accept pipeline input?       false
   Accept wildcard characters?  false

Remove

-Remove [<SwitchParameter>]
   Description: Remove the File(s) and Directory(s) found
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

StopWatchCounter

-StopWatchCounter <Int32>
   Description: Determine how many times the recheck for removing a file or directory happenes.  By default (12) times with a 5 second sleep
   Notes:  Determine how many times the recheck for removing a file or directory happenes.  By default (12) times with a 5 second sleep
           inbetween which is (60 seconds total)
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    4
   Default value                12
   Accept pipeline input?       false
   Accept wildcard characters?  false

SleepTimerSec

-SleepTimerSec <Int32>
   Description: Determine the Sleep time in seconds before the next recheck.  By default this is a 5 second sleep with 12 rechecks
   Notes:  Determine the Sleep time in seconds before the next recheck.  By default this is a 5 second sleep with 12 rechecks which is
           (60 seconds total)
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    5
   Default value                5
   Accept pipeline input?       false
   Accept wildcard characters?  false

Algorithm

-Algorithm <String>
   Description:  Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file.
   Notes:  The acceptable values for this parameter are:
   
           - SHA1
           - SHA256
           - SHA384
           - SHA512
           - MACTripleDES
           - MD5 = (Default)
           - RIPEMD160
   Alias:
   ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512'
   
   Required?                    false
   Position?                    6
   Default value                MD5
   Accept pipeline input?       false
   Accept wildcard characters?  false

Signature

-Signature [<SwitchParameter>]
   Description: Query Signature information
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Permissions

-Permissions [<SwitchParameter>]
   Description: Query Access Control List (ACL) information
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ShowProgress

-ShowProgress [<SwitchParameter>]
   Description: Display file count information to the Host to show query progress
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ClearGarbageCollecting

-ClearGarbageCollecting [<SwitchParameter>]
   Description: Garbage Collection in Powershell to Speed up Scripts and help lower memory consumption
   Notes: This is enabled by default.  To disable use -ClearGarbageCollecting:$False
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

UseCache

-UseCache [<SwitchParameter>]
   Description: Cache found objects to disk.  This is to not over tax Memory resources with found artifacts
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

CachePath

-CachePath <String>
   Description: Path to store the Cache information
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    7
   Default value                $('{0}\Windows\Temp\{1}.log' -f $env:SystemDrive, $(New-BluGenieUID))
   Accept pipeline input?       false
   Accept wildcard characters?  false

RemoveCache

-RemoveCache [<SwitchParameter>]
   Description: Remove Cache data on completion
   Notes: Cache information is removed right before the data is returned to the calling process
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

DBName

-DBName <String>
   Description: Database Name (Without extention)
   Notes: The default name is set to 'BluGenie'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    8
   Default value                BluGenie
   Accept pipeline input?       false
   Accept wildcard characters?  false

DBPath

-DBPath <String>
   Description: Path to either Save or Update the Database
   Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles)  Example: C:\Program Files\BluGenie
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    9
   Default value                $('{0}\BluGenie' -f $env:ProgramFiles)
   Accept pipeline input?       false
   Accept wildcard characters?  false

UpdateDB

-UpdateDB [<SwitchParameter>]
   Description: Save return data to the Sqlite Database
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ForceDBUpdate

-ForceDBUpdate [<SwitchParameter>]
   Description: Force an update of the return data to the Sqlite Database
   Notes: By default only new items are saved.  The primary key is ( FullName )
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

NewDBTable

-NewDBTable [<SwitchParameter>]
   Description: Delete and Recreate the Database Table
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Walkthrough

-Walkthrough [<SwitchParameter>]
   Description:  Start the dynamic help menu system to help walk through the current command and all of the parameters
   Notes:
   Alias: Help
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ReturnObject

-ReturnObject [<SwitchParameter>]
   Description: Return information as an Object
   Notes: By default the data is returned as a Hash Table
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutUnEscapedJSON

-OutUnEscapedJSON [<SwitchParameter>]
   Description: Remove UnEsacped Char from the JSON information.
   Notes: This will beautify json and clean up the formatting.
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutYaml

-OutYaml [<SwitchParameter>]
   Description: Return detailed information in Yaml Format
   Notes: Only supported in Posh 3.0 and above
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

FormatView

-FormatView <String>
   Description: Automatically format the Return Object
   Notes: Yaml is only supported in Posh 3.0 and above
   Alias:
   ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml'
   
   Required?                    false
   Position?                    10
   Default value                None
   Accept pipeline input?       false
   Accept wildcard characters?  false

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

PreviousGet-BluGenieAutoRuns NextGet-BluGenieCOMObjectInfo

Last updated 3 years ago