Академический Документы
Профессиональный Документы
Культура Документы
[Parameter(Mandatory=$true,
ValueFromPipeline=$True)]
[Alias('Folder')]
[string[]]$Path,
[Alias('UserName')]
[string]$InfectedUser,
[Alias('Date')]
[string]$InfectionDate,
[ValidateLength(1,1)]
[string]$DriveLetter,
[switch]$NoCompare,
[switch]$FullScan
)
BEGIN {
# Parameter and environment sanity checking
$TestPrereq = Get-Command -Name Get-FileTimeStamp
-ErrorAction SilentlyContinue
if (!$TestPrereq) {
Write-Warning -Message 'Get-FileTimeStamp must be loaded
to run this. If you need Get-FileTimeStamp, it can be downloaded
from:'
Write-Warning -Message
'http://gallery.technet.microsoft.com/scriptcenter/Get-MFTTimestamp-of-a-file-9227f399'
Write-Error -Message 'Get-FileTimeStamp is required and not
loaded!' `
-Category ResourceUnavailable `
-CategoryActivity 'Function run without prereq GetFileTimeStamp loaded' `
-CategoryReason 'Get-FileTimeStamp is required to
capture data' `
-RecommendedAction 'Load Get-FileTimeStamp'
Break
}
if ($NoCompare -and !$InfectedUser) {
Write-Warning -Message 'Using the NoCompare switch
without InfectedUser is not supported and will have no effect.'
}
# Variable setup
$StartTime = Get-Date
if ($InfectionDate) {
$regex = "^1?\d/[123]?\d/[12][90]\d{2}"
}
}
if ($RemoveDrive) {
Remove-PSDrive -Name $DriveLetter
Write-Verbose -Message "$DriveLetter disconnected from
$folder"
}
}
}
END {
$EndTime = Get-Date
$TotalTime = (("$($EndTime - $StartTime)").Split('.')[0])
Write-Verbose -Message "Process ended at $EndTime"
Write-Verbose -Message "Total time was $TotalTime"
}
}