-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathGet_RecyleBin
24 lines (20 loc) · 896 Bytes
/
Get_RecyleBin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Set-Variable -Name ErrorActionPreference -Value SilentlyContinue
echo '-------------------------';
echo "[+] INFO: Dumping Recycle Bin only 3 paths deep"
echo '-------------------------';
(Get-ChildItem -Path 'C:\$Recycle.Bin' -Force -Recurse -depth 3 ) | select * | ForEach-Object {
if (($_).Name -match '\$I') {
$VarMeta = "$((Get-Content ($_).FullName) -replace '.*\u0001.','' -replace '\u0000','')"
Clear-Variable -Name varPath
}
if (($_).Name -match 'S-.-.-.'){
$VarUser = "$((New-Object System.Security.Principal.SecurityIdentifier(($_).BaseName)).Translate([System.Security.Principal.NTAccount]).value)"
}
if (($_).Name -match '\$R'){
Clear-Variable -Name varPath
} else {
$varPath = "$($_.FullName)"
Write-Output "$($VarUser)`t$($VarMeta)`t$($varPath)"
Clear-Variable -Name varPath,VarMeta
}
}