search

Time

hashtag
Accessed Time

All accessed times:

dir /ta

All accessed times, recursive:

dir /ta /s

Accessed on EXACT date:

dir /ta /s | findstr "01/17/2024"

Accessed on EXACT date:

Get-ChildItem -Path C:\ -Recurse -Filter "*.*" -LastAccessTime "02/16/2024"

Accessed AFTER, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt "MM/DD/YYYY" }

Accessed BEFORE, recursive:

Get-ChildItem "C:\path" -Recurse | Where-Object { $_.LastAccessTime -lt "MM/DD/YYYY" }

Accessed within date range:

$startDate = Get-Date "MM/DD/YYYY"; $endDate = Get-Date "MM/DD/YYYY"; Get-ChildItem -Path "C:\path" -Recurse | Where-Object { $_.LastAccessTime -gt $startDate -and $_.LastAccessTime -lt $endDate }

hashtag
Modified Time

All modified times:

All modified times, recursive:

Modified on EXACT date:

Modified on EXACT date /m allows wildcards:

Modified on EXACT date:

Modified AFTER, recursive:

Modified AFTER, recursive:

Modified BEFORE, recursive:

Modified BEFORE, recursive:

Modified within date range:

hashtag
Creation Time

All creation times:

All creation times, recursive:

Creation on EXACT date:

Creation on EXACT date:

Creation AFTER, recursive:

Creation BEFORE, recursive:

Created within date range:

hashtag
Metadata Change Time

Combining FORFILES and PowerShell:

Explanation:

FORFILES /S /M "*.*" iterates through files recursively.

/C "cmd /c ..." executes a command for each file.

PowerShell within the command checks if the LastWriteTimeUtc differs from CreationTimeUtc, indicating metadata change.

circle-exclamation

This is not definitive.

The last write time can be different than the creation time if the file content was modified.

PreviousFilenameNextSize

Last updated