Tool name: FileWatcher.exe
Version: 1.0
SHA256 checksum: 55BF9773FC851F84660A71545EA23E6F25B9253036118B87143831E83DCCD6C1
File Size: 30 KB
Written in PowerShell (built on top of the .NET Framework and .NET Core).
Compiled to an .exe executable file with the MZ file header.
Author: Michał Sołtysik
Cybersecurity Analyst & Consultant | Deep Packet Inspection Analyst | Digital Forensics Examiner | SOC Trainer | CyberWarfare Organizer
LinkedIn: https://www.linkedin.com/in/michal-soltysik-ssh-soc/
Email: [email protected]
Purpose: The script monitors a specified directory for file system changes, logging them and providing real-time notifications.
License: Free for personal and commercial use.
Here's a step-by-step breakdown of what the script does:
1. Print Information:
- Prints application and license information in green, welcoming the user to "FileWatcher" and providing instructions for running the script as an administrator. It also displays information about the creator, including his name, role, and LinkedIn profile.
2. Error Handling Function:
- Defines a function named Handle-Error to handle errors by displaying error messages in red and exiting the script with an exit code of 1.
3. Set Execution Policy:
- Attempts to change the execution policy to Unrestricted for the current session. If unsuccessful, it calls the error handling function to display an error message.
4. Start Transcript Logging:
- Begins logging script output to a text file named "FileWatcher_log.txt" on the user's desktop, appending to the existing log if it already exists.
5. Prompt User Input:
- Prompts the user to enter the path to monitor.
6. Specify Monitoring Parameters:
- Specifies the files to monitor, whether to include subfolders, the file or folder properties to monitor, the types of changes to monitor, and the timeout for monitoring.
7. Define Action Function:
- Defines a function named Invoke-SomeAction to handle file system changes by capturing information about the changes, formatting it, and writing it to the console and a results file on the desktop.
8. Monitor File System Changes:
- Creates a FileSystemWatcher object to monitor the specified path for file system changes. It enters a loop to continuously wait for changes and invokes the action function for each change.
9. Release Resources:
- Releases the FileSystemWatcher object and stops transcript logging once the monitoring loop is aborted by pressing CTRL+C. It displays the transcript log location.
10. End of Script:
- Marks the end of the script.
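
Added example (not the FileWatcher source): a minimal PowerShell sketch of the monitoring pattern described in steps 6 to 9, assuming the loop is built on the synchronous FileSystemWatcher.WaitForChanged call with a timeout. The parameter names, the Write-ChangeRecord helper and the results file location are hypothetical.

```powershell
# Illustration only; $Path, $ResultsFile, $TimeoutMs and Write-ChangeRecord are assumed names.
param(
    [string]$Path        = $PWD.Path,   # directory to monitor
    [string]$ResultsFile = (Join-Path $env:TEMP 'FileWatcher_example_results.txt')
)

$TimeoutMs = 1000   # short timeout so the loop wakes up and CTRL+C is honoured promptly

# Step 7: format one change and write it to the console and the results file.
function Write-ChangeRecord {
    param(
        [System.IO.WaitForChangedResult]$Change,
        [string]$Root,
        [string]$OutFile
    )
    $line = '{0:u}  {1,-8} {2}' -f (Get-Date), $Change.ChangeType, (Join-Path $Root $Change.Name)
    if ($Change.ChangeType -eq [System.IO.WatcherChangeTypes]::Renamed) {
        $line += "  (was: $($Change.OldName))"   # keep the old name for rename events
    }
    Write-Host $line
    Add-Content -LiteralPath $OutFile -Value $line
}

# Step 6: what to watch, whether to recurse, and which property changes count.
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path                  = $Path
$watcher.Filter                = '*'
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter          = [System.IO.NotifyFilters]::FileName -bor
                                 [System.IO.NotifyFilters]::DirectoryName -bor
                                 [System.IO.NotifyFilters]::LastWrite

try {
    # Step 8: block until a change arrives or the timeout elapses, then loop again.
    while ($true) {
        $result = $watcher.WaitForChanged([System.IO.WatcherChangeTypes]::All, $TimeoutMs)
        if ($result.TimedOut) { continue }
        Write-ChangeRecord -Change $result -Root $Path -OutFile $ResultsFile
    }
}
finally {
    # Step 9: runs when the loop is aborted with CTRL+C, so the OS handle is released.
    $watcher.Dispose()
    Write-Host "Results written to $ResultsFile"
}
```

WaitForChanged only observes changes while the call is blocking, so events that fire while a record is being written can be missed. For forensic completeness, pair a loop like this with periodic directory snapshots or OS-level auditing.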