< Back
Get-ForensicRecentFileCache
Post
NAME Get-ForensicRecentFileCache
SYNOPSIS
Gets previously run commands from the RecentFileCache.bcf file.
SYNTAX
Get-ForensicRecentFileCache [[-VolumeName] <String>] [<CommonParameters>]
Get-ForensicRecentFileCache -Path <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicRecentFileCache cmdlet parses the RecentFileCache.bcf file to derive applications that were
recently used. If you don't specify a file path (-Path), the cmdlet parses the
C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to RecentFileCache.bcf file to process.
Required? true
Position? named
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.String
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicRecentFileCache
This example shows Get-ForensicRecentFileCache being run against the default RecentFileCache.bcf
(C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf)
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicRecentFileCache -Path C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf
This is an example of Get-ForensicRecentFileCache taking a RecentFileCache.bcf file path as an argument.
RELATED LINKS
SYNOPSIS
Gets previously run commands from the RecentFileCache.bcf file.
SYNTAX
Get-ForensicRecentFileCache [[-VolumeName] <String>] [<CommonParameters>]
Get-ForensicRecentFileCache -Path <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicRecentFileCache cmdlet parses the RecentFileCache.bcf file to derive applications that were
recently used. If you don't specify a file path (-Path), the cmdlet parses the
C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? 0
Default value \\\\.\\C:
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to RecentFileCache.bcf file to process.
Required? true
Position? named
Default value
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.String
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicRecentFileCache
This example shows Get-ForensicRecentFileCache being run against the default RecentFileCache.bcf
(C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf)
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicRecentFileCache -Path C:\\Windows\\AppCompat\\Programs\\RecentFileCache.bcf
This is an example of Get-ForensicRecentFileCache taking a RecentFileCache.bcf file path as an argument.
RELATED LINKS