public void ShouldFind1544EforeTimeStamp()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var dt = new DateTimeOffset(2014, 5, 20, 14, 19, 40, TimeSpan.FromSeconds(0));
var hits = usrClass1.FindByLastWriteTime(null, dt).ToList();
Check.That(hits.Count).IsEqualTo(21);
}
public void ShouldFind1248AfterTimeStamp()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var dt = new DateTimeOffset(2014, 11, 13, 15, 51, 17, TimeSpan.FromSeconds(0));
var hits = usrClass1.FindByLastWriteTime(dt, null).ToList();
Check.That(hits.Count).IsEqualTo(14);
}
public void ShouldFindTwoBetweenTimeStamp()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var start = new DateTimeOffset(2014, 5, 20, 19, 00, 00, TimeSpan.FromSeconds(0));
var end = new DateTimeOffset(2014, 5, 20, 23, 59, 59, TimeSpan.FromSeconds(0));
var hits = usrClass1.FindByLastWriteTime(start, end).ToList();
Check.That(hits.Count).IsEqualTo(2);
}
