< Back
Get-ForensicTypedUrl
Post
NAME Get-ForensicTypedUrl
SYNOPSIS
Gets the Universal Resource Locators (URL) that have been typed in the Internet Explorer browser.
SYNTAX
Get-ForensicTypedUrl [-VolumeName <String>] [<CommonParameters>]
Get-ForensicTypedUrl -HivePath <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicTypedUrl cmdlet parses a user's NTUSER.DAT file to derive the Universal Resource Locators (URL)
that have been typed into the Internet Explorer browser.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-HivePath <String>
Registry hive to parse.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.String
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTypedUrl -VolumeName \\\\.\\C:
This command gets the URLs typed into Internet Explorer from all user's NTUSER.DAT hives on the C: logical volume.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTypedUrl -HivePath C:\\Users\\Public\\NTUSER.DAT
This command gets the URLs typed into Internet Explorer from the C:\\Users\\Public\\NTUSER.DAT hive.
RELATED LINKS
SYNOPSIS
Gets the Universal Resource Locators (URL) that have been typed in the Internet Explorer browser.
SYNTAX
Get-ForensicTypedUrl [-VolumeName <String>] [<CommonParameters>]
Get-ForensicTypedUrl -HivePath <String> [<CommonParameters>]
DESCRIPTION
The Get-ForensicTypedUrl cmdlet parses a user's NTUSER.DAT file to derive the Universal Resource Locators (URL)
that have been typed into the Internet Explorer browser.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-HivePath <String>
Registry hive to parse.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-VolumeName [<String>]
Specifies the name of the volume or logical partition.
Enter the volume name in one of the following formats: \\\\.\\C:, C:, or C.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.String
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTypedUrl -VolumeName \\\\.\\C:
This command gets the URLs typed into Internet Explorer from all user's NTUSER.DAT hives on the C: logical volume.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTypedUrl -HivePath C:\\Users\\Public\\NTUSER.DAT
This command gets the URLs typed into Internet Explorer from the C:\\Users\\Public\\NTUSER.DAT hive.
RELATED LINKS