# Get-BluGenieRegistryProcessTracking

### Get-BluGenieRegistryProcessTracking <a href="#get-blugenieregistryprocesstracking" id="get-blugenieregistryprocesstracking"></a>

### SYNOPSIS <a href="#synopsis" id="synopsis"></a>

Query User Registry Hives for Process Tracking Information

### SYNTAX <a href="#syntax" id="syntax"></a>

```
Get-BluGenieRegistryProcessTracking [[-Algorithm] <String>] [-Signature] [-ClearGarbageCollecting] [-UseCache] [[-CachePath] <String>] [-RemoveCache] [[-DBName] <String>] [[-DBPath] <String>] [-UpdateDB] 
[-ForceDBUpdate] [-NewDBTable] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] [-OutYaml] [[-FormatView] <String>] [<CommonParameters>]
```

### DESCRIPTION <a href="#description" id="description"></a>

Query User Registry Hives for Process Tracking Information

### EXAMPLES <a href="#examples" id="examples"></a>

#### EXAMPLE 1 <a href="#example-1" id="example-1"></a>

```
Get-BluGenieRegistryProcessTracking
```

```
This will report on any executed processes that were run and tracked in the registry for all loaded user registry hives
The returned data will be a Hash Table

The default file Hash value is MD5
```

#### EXAMPLE 2 <a href="#example-2" id="example-2"></a>

```
Get-BluGenieRegistryProcessTracking -Algorithm SHA512
```

```
This will report on any executed processes that were run and tracked in the registry for all loaded user registry hives
The returned data will be a Hash Table

The file Hash value is SHA512
```

#### EXAMPLE 3 <a href="#example-3" id="example-3"></a>

```
Command: Get-BluGenieRegistryProcessTracking -UseCache
```

```
Description: Cache found objects to disk so as not to overtax Memory resources
Notes: By default the Cache location is %SystemDrive%\Windows\Temp
```

#### EXAMPLE 4 <a href="#example-4" id="example-4"></a>

```
Command: Get-BluGenieRegistryProcessTracking -UseCache -RemoveCache
```

```
Description: Remove Cache data
Notes: By default the Cache information is removed right before the data is returned to the caller
```

#### EXAMPLE 5 <a href="#example-5" id="example-5"></a>

```
Command: Get-BluGenieRegistryProcessTracking -UseCache -CachePath $Env:Temp
```

```
Description: Change the Cache path to the current user's Temp directory
Notes: By default the Cache location is %SystemDrive%\Windows\Temp
```

#### EXAMPLE 6 <a href="#example-6" id="example-6"></a>

```
Command: Get-BluGenieRegistryProcessTracking -UseCache -ClearGarbageCollecting
```

```
Description: Scan large directories and limit the memory used to track data
Notes:
```

#### EXAMPLE 7 <a href="#example-7" id="example-7"></a>

```
Command: Get-BluGenieRegistryProcessTracking -Help
```

```
Description: Call Help Information
Notes: If Help / WalkThrough is set up as a parameter, this script will be called to set up the Dynamic Help Menu; if not, the normal
       Get-Help will be called with the -Full parameter
```

#### EXAMPLE 8 <a href="#example-8" id="example-8"></a>

```
Command: Get-BluGenieRegistryProcessTracking -WalkThrough
```

```
Description: Call Help Information [2]
Notes: If Help / WalkThrough is set up as a parameter, this script will be called to set up the Dynamic Help Menu; if not, the normal
       Get-Help will be called with the -Full parameter
```

#### EXAMPLE 9 <a href="#example-9" id="example-9"></a>

```
Command: Get-BluGenieRegistryProcessTracking -OutUnEscapedJSON
```

```
Description: Return a detailed function report in an UnEscaped JSON format
Notes:  The OutUnEscapedJSON is used to Beautify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.
```

#### EXAMPLE 10 <a href="#example-10" id="example-10"></a>

```
Command: Get-BluGenieRegistryProcessTracking -OutYaml
```

```
Description: Return a detailed function report in YAML format
Notes:  The OutYaml is used to return the detailed information in YAML format.  Normal return data is a Hash Table.
```

#### EXAMPLE 11 <a href="#example-11" id="example-11"></a>

```
Command: Get-BluGenieRegistryProcessTracking -ReturnObject
```

```
Description: Return Output as an Object
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.
       This parameter is also used with the FormatView
```

#### EXAMPLE 12 <a href="#example-12" id="example-12"></a>

```
Command: Get-BluGenieRegistryProcessTracking -ReturnObject -FormatView Yaml
```

```
Description: Output PSObject information in Yaml format
Notes:  Current formats supported by default are ('Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml')
       Default is set to (None) and normal PSObject.
```

### PARAMETERS <a href="#parameters" id="parameters"></a>

#### Algorithm <a href="#algorithm" id="algorithm"></a>

```
-Algorithm <String>
   Description: Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file.
   Notes: The acceptable values for this parameter are:
           - SHA1
           - SHA256
           - SHA384
           - SHA512
           - MACTripleDES
           - MD5 = (Default)
           - RIPEMD160
   
           If no value is specified, or if the parameter is omitted, the default value is (MD5).
   Alias:
   ValidateSet:'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512'
   
   Required?                    false
   Position?                    1
   Default value                MD5
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### Signature <a href="#signature" id="signature"></a>

```
-Signature [<SwitchParameter>]
   Description: Validate Signature information of the process if the item is still on disk.
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```
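The `-Algorithm` and `-Signature` parameters above pair a file hash with a signature check that only applies while the executable is still on disk. The following is an added example, not BluGenie code: a stand-alone cross-check built on the built-in `Get-FileHash` and `Get-AuthenticodeSignature` cmdlets, defaulting to SHA256 rather than MD5 and reporting paths that no longer exist. The helper name `Test-ExecutedBinary` and the sample paths are assumptions.

```powershell
# Added example: not part of BluGenie. Test-ExecutedBinary is a hypothetical helper name.
function Test-ExecutedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path,

        # SHA256 by default; MD5 and SHA1 are kept only for matching legacy indicator lists.
        [ValidateSet('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')]
        [string]$Algorithm = 'SHA256'
    )
    process {
        foreach ($item in $Path) {
            $row = [ordered]@{
                Path = $item; OnDisk = $false; Algorithm = $Algorithm
                Hash = $null; SignatureStatus = $null; Signer = $null
            }
            # A tracked path may outlive the file itself, so check before hashing.
            if (Test-Path -LiteralPath $item -PathType Leaf) {
                $row.OnDisk = $true
                try {
                    $row.Hash = (Get-FileHash -LiteralPath $item -Algorithm $Algorithm -ErrorAction Stop).Hash
                    $sig = Get-AuthenticodeSignature -LiteralPath $item -ErrorAction Stop
                    $row.SignatureStatus = [string]$sig.Status
                    if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
                }
                catch {
                    # Locked or unreadable files are reported, not silently dropped.
                    $row.SignatureStatus = "Error: $($_.Exception.Message)"
                }
            }
            [pscustomobject]$row
        }
    }
}

# Constructed sample input: one binary present on Windows, one path that does not exist.
$sample = @(
    "$env:SystemRoot\System32\notepad.exe",
    "$env:TEMP\constructed-missing-example.exe"
)
$sample | Test-ExecutedBinary | Format-Table -AutoSize
```

Rows with `OnDisk` set to `False` have no hash or signature to evaluate, so treat them as unverified rather than clean.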

#### ClearGarbageCollecting <a href="#cleargarbagecollecting" id="cleargarbagecollecting"></a>

```
-ClearGarbageCollecting [<SwitchParameter>]
   Description: Garbage Collection in Powershell to Speed up Scripts and help lower memory consumption
   Notes: This is enabled by default.  To disable use -ClearGarbageCollecting:$False
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### UseCache <a href="#usecache" id="usecache"></a>

```
-UseCache [<SwitchParameter>]
   Description: Cache found objects to disk.  This is so as not to overtax Memory resources with found artifacts
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### CachePath <a href="#cachepath" id="cachepath"></a>

```
-CachePath <String>
   Description: Path to store the Cache information
   Notes: By default the Cache location is %SystemDrive%\Windows\Temp
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    2
   Default value                $('{0}\Windows\Temp\{1}.log' -f $env:SystemDrive, $(New-BluGenieUID))
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### RemoveCache <a href="#removecache" id="removecache"></a>

```
-RemoveCache [<SwitchParameter>]
   Description: Remove Cache data on completion
   Notes: Cache information is removed right before the data is returned to the calling process
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### DBName <a href="#dbname" id="dbname"></a>

```
-DBName <String>
   Description: Database Name (Without extension)
   Notes: The default name is set to 'BluGenie'
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    3
   Default value                BluGenie
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### DBPath <a href="#dbpath" id="dbpath"></a>

```
-DBPath <String>
   Description: Path to either Save or Update the Database
   Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles)  Example: C:\Program Files\BluGenie
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    4
   Default value                $('{0}\BluGenie' -f $env:ProgramFiles)
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### UpdateDB <a href="#updatedb" id="updatedb"></a>

```
-UpdateDB [<SwitchParameter>]
   Description: Save return data to the Sqlite Database
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### ForceDBUpdate <a href="#forcedbupdate" id="forcedbupdate"></a>

```
-ForceDBUpdate [<SwitchParameter>]
   Description: Force an update of the return data to the Sqlite Database
   Notes: By default only new items are saved.  The primary key is ( FullName )
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### NewDBTable <a href="#newdbtable" id="newdbtable"></a>

```
-NewDBTable [<SwitchParameter>]
   Description: Delete and Recreate the Database Table
   Notes:
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### Walkthrough <a href="#walkthrough" id="walkthrough"></a>

```
-Walkthrough [<SwitchParameter>]
   Description:  Start the dynamic help menu system to help walk through the current command and all of the parameters
   Notes:
   Alias: Help
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### ReturnObject <a href="#returnobject" id="returnobject"></a>

```
-ReturnObject [<SwitchParameter>]
   Description: Return information as an Object
   Notes: By default the data is returned as a Hash Table
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### OutUnEscapedJSON <a href="#outunescapedjson" id="outunescapedjson"></a>

```
-OutUnEscapedJSON [<SwitchParameter>]
   Description: Remove UnEscaped Char from the JSON information.
   Notes: This will beautify json and clean up the formatting.
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### OutYaml <a href="#outyaml" id="outyaml"></a>

```
-OutYaml [<SwitchParameter>]
   Description: Return detailed information in Yaml Format
   Notes: Only supported in Posh 3.0 and above
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### FormatView <a href="#formatview" id="formatview"></a>

```
-FormatView <String>
   Description: Automatically format the Return Object
   Notes: Yaml is only supported in Posh 3.0 and above
   Alias:
   ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml'
   
   Required?                    false
   Position?                    5
   Default value                None
   Accept pipeline input?       false
   Accept wildcard characters?  false
```

#### CommonParameters <a href="#commonparameters" id="commonparameters"></a>

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about\_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).

