You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would it be possible to add a feature where WinDirStat could produce its output based on directory information -- not from an attached drive -- but rather from an input file of some type with saved directory information from an offline drive?
For example, a PowerShell command like: Get-ChildItem -recurse |Select-Object FullName,Name, Extension,Mode,Directory,LastWriteTime,Length |Format-Table
captures information similar to what's seen in the headers of the WinDirStat drive hierarchy windows.
If you got a file capture of something similar to this information (in whatever standard format you needed), could that be the input for the WinDirStat presentation and reporting?
I ask because sometimes ransomware threat actors will reach out to victims with a file listing of what items they have exfiltrated, and dealing with the raw data in this format can be overwhelming. WinDirStat is such a great presentation for reviewing the contents of a file hierarchy, I'm wondering if WinDirStat's strengths here could also be leveraged for other inputs than attached storage (even if that data might need to be cleaned up and formatted appropriately for WinDirStat to be able to easily digest it).
The text was updated successfully, but these errors were encountered:
I have a very rough proof of concept with the ability to save and load data just using CSVs which is similar but slightly different from this request. The trick with this request is inferring some of the metadata that is used behind the scenes but not necessary obvious to the user (e.g., all the file attributes such as reparse point information). I will continue to ponder this one...
It needs some work yet, but I committed the functionality to save / load a CSV (b224abf). However, this requires proprietary data in the saved CSV so it's not quite what you're asking for yet. Just wanted to mention it though.
Cool. Even just the export/import of the proprietary data would let the user save a snapshot, and re-load/re-view later, of the disk content, or maybe even run a diff on the exports to find changes.
Thanks for your work.
Would it be possible to add a feature where WinDirStat could produce its output based on directory information -- not from an attached drive -- but rather from an input file of some type with saved directory information from an offline drive?
For example, a PowerShell command like:
Get-ChildItem -recurse |Select-Object FullName,Name, Extension,Mode,Directory,LastWriteTime,Length |Format-Table
captures information similar to what's seen in the headers of the WinDirStat drive hierarchy windows.
If you got a file capture of something similar to this information (in whatever standard format you needed), could that be the input for the WinDirStat presentation and reporting?
I ask because sometimes ransomware threat actors will reach out to victims with a file listing of what items they have exfiltrated, and dealing with the raw data in this format can be overwhelming. WinDirStat is such a great presentation for reviewing the contents of a file hierarchy, I'm wondering if WinDirStat's strengths here could also be leveraged for other inputs than attached storage (even if that data might need to be cleaned up and formatted appropriately for WinDirStat to be able to easily digest it).
The text was updated successfully, but these errors were encountered: