C# (CSharp) PowerForensics.Windows.Artifacts Prefetch Exemples

Langage de programmation: C# (CSharp)

Espace de nommage/Pack: PowerForensics.Windows.Artifacts

Class/Type: Prefetch

Exemples au hotexamples.com: 2

C# (CSharp) PowerForensics.Windows.Artifacts Prefetch - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de PowerForensics.Windows.Artifacts.Prefetch extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Associées

GroupWaitingToBePlanted

PinholeCamera

reportForm

MetadataFile

ReceiptsDetailsViewModel

ECNormalizeData

EmailSendRecordPageQueryWhere

ColorChangingProperties

ILspHandlerTypeDescriptorProvider

IntervalHeap

Related in langs

id_usuari (PHP)

pc_del_blacklist (PHP)

ringbuffer_write (C++)

print_failed_expectations (C++)

NewFlowTableComplex (Go)

Sync (Go)

StringBuffer (Java)

Rndm_bldr_wkr (Java)

get_associate_by_name (Python)

floatArray_frompointer (Python)

Exemple #1

0

Afficher le fichier

/// <summary> /// /// </summary> /// <param name="volume"></param> /// <returns></returns> public static Prefetch[] GetInstances(string volume) { // Get current volume Helper.getVolumeName(ref volume); using (FileStream streamToRead = Helper.getFileStream(volume)) { NtfsVolumeBootRecord VBR = VolumeBootRecord.Get(streamToRead) as NtfsVolumeBootRecord; // Get a byte array representing the Master File Table byte[] MFT = MasterFileTable.GetBytes(streamToRead, volume); // Build Prefetch directory path string pfPath = Helper.GetVolumeLetter(volume) + @"\Windows\Prefetch"; /*if(CheckStatus(Helper.GetVolumeLetter(volume) + @"\Windows\system32\config\SAM") != PREFETCH_ENABLED.DISABLED) * {*/ // Get IndexEntry IndexEntry[] pfEntries = IndexEntry.GetInstances(pfPath); Prefetch[] pfArray = new Prefetch[pfEntries.Length]; int i = 0; foreach (IndexEntry entry in pfEntries) { if (entry.Filename.Contains(".pf")) { pfArray[i] = new Prefetch(FileRecord.Get(volume, (int)entry.RecordNumber, true).GetContent(VBR)); i++; } } return(pfArray); /*} * else * { * throw new Exception("Prefetching is disabled. Check registry to ensure Prefetching is enabled."); * }*/ } }

Exemple #2

0

Afficher le fichier

/// <summary> /// /// </summary> /// <param name="volume"></param> /// <param name="fast"></param> /// <returns></returns> public static Prefetch[] GetInstances(string volume, bool fast) { // Get current volume Helper.getVolumeName(ref volume); // Get volume letter string volLetter = Helper.GetVolumeLetter(volume); // Build Prefetch directory path string prefetchPath = volLetter + @"\Windows\Prefetch"; // Check prefetchPath exists if (Directory.Exists(prefetchPath)) { // Get list of file in the Prefetch directory that end in the .pf extension var pfFiles = System.IO.Directory.GetFiles(prefetchPath, "*.pf"); // Instantiate an array of Prefetch objects Prefetch[] pfArray = new Prefetch[pfFiles.Length]; // Iterate through Prefetch Files for (int i = 0; i < pfFiles.Length; i++) { // Get bytes for specific Prefetch file byte[] fileBytes = null; try { fileBytes = File.ReadAllBytes(pfFiles[i]); } catch (ArgumentException) { throw new ArgumentException("ArgumentException thrown by Prefetch.GetInstance()"); } catch (PathTooLongException) { throw new PathTooLongException("PathTooLongException thrown by Prefetch.GetInstance()"); } catch (DirectoryNotFoundException) { throw new DirectoryNotFoundException("DirectoryNotFoundException thrown by Prefetch.GetInstance()"); } catch (IOException) { throw new IOException("IOException thrown by Prefetch.GetInstance()"); } catch (UnauthorizedAccessException) { throw new UnauthorizedAccessException("UnauthorizedAccessException thrown by Prefetch.GetInstance()"); } // Output the Prefetch object for the corresponding file pfArray[i] = (new Prefetch(fileBytes)); } // Return array or Prefetch objects return(pfArray); } else { return(null); } }