public List <FileMetadata> GetDirectoryContent(string path)
{
List <FileMetadata> files = new List <FileMetadata>();
string command = "Get-ChildItem -force " + path;
foreach (PSObject line in _psr.ExecuteCommand(command))
{
FileMetadata file = new FileMetadata();
file.CreationTime = line.Properties["CreationTimeUtc"].Value.ToString();
file.LastAccessTime = line.Properties["LastAccessTimeUtc"].Value.ToString();
file.LastWriteTime = line.Properties["LastWriteTimeUtc"].Value.ToString();
file.Attributes = line.Properties["Attributes"].Value.ToString();
file.Name = line.Properties["Name"].Value.ToString();
file.FullName = line.Properties["FullName"].Value.ToString();
if (!file.Attributes.Contains("Directory"))
{
file.Length = line.Properties["Length"].Value.ToString();
}
if (!file.Attributes.Contains("Directory"))
{
file.Extension = line.Properties["Extension"].Value.ToString();
}
files.Add(file);
}
return(files);
}
public void UploadFile(string command)
{
string response = null;
foreach (PSObject line in ps.ExecuteCommand(command))
{
response += line.ToString();
}
}
public List <FalconOrchestrator.Forensics.Process> ListProcesses(string command)
{
List <Process> result = new List <Process>();
foreach (PSObject line in _psr.ExecuteCommand(command))
{
Process proc = new Process();
line.Properties.ToList().ForEach(x => proc.GetType().GetProperty(x.Name).SetValue(proc, x.Value));
result.Add(proc);
}
return(result);
}
public List <SystemRestorePoint> GetRestorePoints()
{
List <SystemRestorePoint> restorePoints = new List <SystemRestorePoint>();
foreach (PSObject result in _psr.ExecuteCommand("Get-ComputerRestorePoint"))
{
SystemRestorePoint point = new SystemRestorePoint();
point.CreationTime = result.Members["CreationTime"].Value.ToString();
point.Description = result.Members["Description"].Value.ToString();
point.SequenceNumber = result.Members["SequenceNumber"].Value.ToString();
point.EventType = result.Members["EventType"].Value.ToString();
point.RestorePointType = result.Members["RestorePointType"].Value.ToString();
point.EventType = EventTypeMapping(point.EventType);
point.RestorePointType = RestorePointTypeMapping(point.RestorePointType);
restorePoints.Add(point);
}
return(restorePoints);
}
public List <InstalledSoftware> GetInstalledSoftware(string command)
{
List <InstalledSoftware> list = new List <InstalledSoftware>();
foreach (PSObject line in _psr.ExecuteCommand(command))
{
InstalledSoftware item = new InstalledSoftware();
if (line.Properties["InstalledDate"].Value != null)
{
item.InstallDate = line.Properties["InstalledDate"].Value.ToString();
}
if (line.Properties["AppName"].Value != null)
{
item.DisplayName = line.Properties["AppName"].Value.ToString();
}
if (line.Properties["AppVersion"].Value != null)
{
item.DisplayVersion = line.Properties["AppVersion"].Value.ToString();
}
if (line.Properties["AppVendor"].Value != null)
{
item.Publisher = line.Properties["AppVendor"].Value.ToString();
}
if (line.Properties["UninstallKey"].Value != null)
{
item.UninstallKey = line.Properties["UninstallKey"].Value.ToString();
}
if (line.Properties["AppGuid"].Value != null)
{
item.Guid = line.Properties["AppGuid"].Value.ToString();
}
if (line.Properties["Softwarearchitecture"].Value != null)
{
item.Architecture = line.Properties["Softwarearchitecture"].Value.ToString();
}
list.Add(item);
}
return(list);
}