From wikipedia
“Forfiles” is a windows command that was first available for windows vista operating system, it allows command line users to run command to know the usage of files which was used past 10 days or 30 days,their are several options that makes things more interesting which helps in cyber forensics
Options For forfile in command prompt
Shows past number of days of modified date(option /D)
Searches file by name (option /M)
Shows files in subdirectories (option /S)
shows file in a specific directory (option /P)
Searches file by name (option /M)
Shows files in subdirectories (option /S)
shows file in a specific directory (option /P)
How to find all .txt or .xslx or .exe that are used in last 30 days
forfiles /D -30 /S /M *.exe /C "cmd /c echo @path”
In the above command @path is just used to display the complete path of the file,instead we can use @fdate(file date) , @ftime(file time), @fsize(file size), @fname(file name), @file(name with extension), @ext(extension). Here we can use multiple commands in single execution
For example: forfiles /D -30 /S /M *.exe /C "cmd /c echo @ext @fname @fdate”
This following will display extension file name and file date
Find usage of files in a specific directory by date
Forfiles /P d: /S /D +2/26/2015
This below image appears to display all the files present in the (d:) directory by given date
Dates are flexible and also the directory can be anything like (d: c: e: etc...)
How to find usage of files that are used past 30 days
forfiles /p d: /s /D -30
Here in the below image it appears to be showing all the files located in D drive including subfolder past 30 days (1 month back)
Author“Abdul Salam is a cyber security researcher and Corporate Trainer of Ignite Technologies Pvt. Ltd. He is Having 2+ Year Experience in Cyber Security.