< Back
Get-ForensicSid
Post
NAME Get-ForensicSid
SYNOPSIS
Gets the system's Security Identifier (SID).
SYNTAX
Get-ForensicSid [-VolumeName <String>] [<CommonParameters>]
Get-ForensicSid -HivePath <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicSid cmdlet parses the SAM hive to derive the system's Security Identifier.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-HivePath <String>
Registry hive to parse.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Security.Principal.SecurityIdentifier
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicSid | Format-List
BinaryLength : 24
AccountDomainSid : S-1-5-21-390730339-1025693957-1587674390
Value : S-1-5-21-390730339-1025693957-1587674390
This command parses the C:\\Windows\\system32\\config\\SAM hive and returns the results in a list.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicSid -HivePath C:\\Windows\\System32\\config\\SAM
BinaryLength : 24
AccountDomainSid : S-1-5-21-390730339-1025693957-1587674390
Value : S-1-5-21-390730339-1025693957-1587674390
This command uses the HivePath parameter of Get-ForensicSid to specify an exported SAM hive
to parse.
RELATED LINKS
SYNOPSIS
Gets the system's Security Identifier (SID).
SYNTAX
Get-ForensicSid [-VolumeName <String>] [<CommonParameters>]
Get-ForensicSid -HivePath <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicSid cmdlet parses the SAM hive to derive the system's Security Identifier.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-HivePath <String>
Registry hive to parse.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Security.Principal.SecurityIdentifier
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicSid | Format-List
BinaryLength : 24
AccountDomainSid : S-1-5-21-390730339-1025693957-1587674390
Value : S-1-5-21-390730339-1025693957-1587674390
This command parses the C:\\Windows\\system32\\config\\SAM hive and returns the results in a list.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicSid -HivePath C:\\Windows\\System32\\config\\SAM
BinaryLength : 24
AccountDomainSid : S-1-5-21-390730339-1025693957-1587674390
Value : S-1-5-21-390730339-1025693957-1587674390
This command uses the HivePath parameter of Get-ForensicSid to specify an exported SAM hive
to parse.
RELATED LINKS