Time

Accessed Time

All accessed times:

dir /ta

All accessed times, recursive:

dir /ta /s

Accessed on EXACT date:

dir /ta /s | findstr "01/17/2024"

Accessed on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -LastAccessTime "02/16/2024"

Accessed AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt "MM/DD/YYYY" }

Accessed BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -lt "MM/DD/YYYY" }

Accessed within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt $startDate -and $_.LastAccessTime -lt $endDate }

Modified Time

All modified times:

dir /tw

All modified times, recursive:

dir /tw /s

Modified on EXACT date:

dir /tw /s | findstr "01/17/2024"

Modified on EXACT date /m allows wildcards:

forfiles /P /M "*.*" /S /D "-02/16/2024"

Modified on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -LastWriteTime "02/16/2024"

Modified AFTER, recursive:

forfiles /P "C:\path" /S /D +MM/DD/YYYY

Modified AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastWriteTime -gt "MM/DD/YYYY" }

Modified BEFORE, recursive:

forfiles /P "C:\path" /S /D -MM/DD/YYYY

Modified BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastWriteTime -lt "MM/DD/YYYY" }

Modified within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.LastWriteTime -gt $startDate -and $_.LastWriteTime -lt $endDate }

Creation Time

All creation times:

dir /tc

All creation times, recursive:

dir /tc /s

Creation on EXACT date:

dir /tc /s | findstr "01/17/2024"

Creation on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -CreationTime "02/16/2024"

Creation AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.CreationTime -gt "MM/DD/YYYY" }

Creation BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.CreationTime -lt "MM/DD/YYYY" }

Created within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.CreationTime -gt $startDate -and $_.CreationTime -lt $endDate }

Metadata Change Time

Combining FORFILES and PowerShell:

forfiles /S /M "*.*" /C "cmd /c powershell -NoProfile (Get-ChildItem -Path %p).LastWriteTimeUtc -ne (Get-ChildItem -Path %p).CreationTimeUtc"

Explanation:

FORFILES /S /M "*.*" iterates through files recursively.

/C "cmd /c ..." executes a command for each file.

PowerShell within the command checks if the LastWriteTimeUtc differs from CreationTimeUtc, indicating metadata change.

This is not definitive.

The last write time can be different than the creation time if the file content was modified.

PreviousFilename NextSize

Last updated 1 year ago

Was this helpful?

Time

Accessed Time

All accessed times:

dir /ta

All accessed times, recursive:

dir /ta /s

Accessed on EXACT date:

dir /ta /s | findstr "01/17/2024"

Accessed on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -LastAccessTime "02/16/2024"

Accessed AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt "MM/DD/YYYY" }

Accessed BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -lt "MM/DD/YYYY" }

Accessed within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt $startDate -and $_.LastAccessTime -lt $endDate }

Modified Time

All modified times:

dir /tw

All modified times, recursive:

dir /tw /s

Modified on EXACT date:

dir /tw /s | findstr "01/17/2024"

Modified on EXACT date /m allows wildcards:

forfiles /P /M "*.*" /S /D "-02/16/2024"

Modified on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -LastWriteTime "02/16/2024"

Modified AFTER, recursive:

forfiles /P "C:\path" /S /D +MM/DD/YYYY

Modified AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastWriteTime -gt "MM/DD/YYYY" }

Modified BEFORE, recursive:

forfiles /P "C:\path" /S /D -MM/DD/YYYY

Modified BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastWriteTime -lt "MM/DD/YYYY" }

Modified within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.LastWriteTime -gt $startDate -and $_.LastWriteTime -lt $endDate }

Creation Time

All creation times:

dir /tc

All creation times, recursive:

dir /tc /s

Creation on EXACT date:

dir /tc /s | findstr "01/17/2024"

Creation on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -CreationTime "02/16/2024"

Creation AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.CreationTime -gt "MM/DD/YYYY" }

Creation BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.CreationTime -lt "MM/DD/YYYY" }

Created within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.CreationTime -gt $startDate -and $_.CreationTime -lt $endDate }

Metadata Change Time

Combining FORFILES and PowerShell:

forfiles /S /M "*.*" /C "cmd /c powershell -NoProfile (Get-ChildItem -Path %p).LastWriteTimeUtc -ne (Get-ChildItem -Path %p).CreationTimeUtc"

Explanation:

FORFILES /S /M "*.*" iterates through files recursively.

/C "cmd /c ..." executes a command for each file.

PowerShell within the command checks if the LastWriteTimeUtc differs from CreationTimeUtc, indicating metadata change.

This is not definitive.

The last write time can be different than the creation time if the file content was modified.

PreviousFilename NextSize

Last updated 1 year ago

Was this helpful?