< Back
Get-ForensicBitmap
Post
NAME Get-ForensicBitmap
SYNOPSIS
Determines whether the specified cluster is allocated.
SYNTAX
Get-ForensicBitmap [[-VolumeName] <String>] -Cluster <UInt64> [<CommonParameters>]
Get-ForensicBitmap -Path <String> -Cluster <UInt64> [<CommonParameters>]
DESCRIPTION
The Get-Bitmap cmdlet parses the $Bitmap file to determine whether or not the specified cluster is allocated.
By default, the cmdlet parses the $Bitmap file on the C:\\ drive. To change the target drive, use the
VolumeName parameter or use the Path parameter to specify an exported $Bitmap file.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Cluster <UInt64>
The cluster number to check for allocation.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to file to be parsed.
Required? true
Position? named
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
OUTPUTS
PowerForensics.Ntfs.Bitmap
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-Bitmap -Cluster 1000
Cluster InUse
------- -----
1000 True
This example shows Get-Bitmap being used to check Cluster 1000's allocation status.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-Bitmap -Cluster 1000 -Path 'C:\\$Bitmap'
Cluster InUse
------- -----
1000 True
This example shows Get-Bitmap checking cluster 1000 of the exported C:\\$Bitmap file.
RELATED LINKS
SYNOPSIS
Determines whether the specified cluster is allocated.
SYNTAX
Get-ForensicBitmap [[-VolumeName] <String>] -Cluster <UInt64> [<CommonParameters>]
Get-ForensicBitmap -Path <String> -Cluster <UInt64> [<CommonParameters>]
DESCRIPTION
The Get-Bitmap cmdlet parses the $Bitmap file to determine whether or not the specified cluster is allocated.
By default, the cmdlet parses the $Bitmap file on the C:\\ drive. To change the target drive, use the
VolumeName parameter or use the Path parameter to specify an exported $Bitmap file.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Cluster <UInt64>
The cluster number to check for allocation.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to file to be parsed.
Required? true
Position? named
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
OUTPUTS
PowerForensics.Ntfs.Bitmap
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-Bitmap -Cluster 1000
Cluster InUse
------- -----
1000 True
This example shows Get-Bitmap being used to check Cluster 1000's allocation status.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-Bitmap -Cluster 1000 -Path 'C:\\$Bitmap'
Cluster InUse
------- -----
1000 True
This example shows Get-Bitmap checking cluster 1000 of the exported C:\\$Bitmap file.
RELATED LINKS