PowerShell script to list Alternate Data Stream (NTFS) and view the Zone.Identifier contents of files in a folder.
The script (preferably executed in an Administrator console) will parse recursively any selected folder and provide:
-
Field Description Path File path File/Directory Name File or subdirectory name MD5 Hash (File Hash only) The MD5 hash of the File Owner / sid The owner name (if run on local machine) or SID descriptor Length File Size LastWriteTime Last time file was written Attributes File Attributes Stream1 Alternate Data Stream 1 (usually :$Data) Stream2 Alternate Data Stream 2 Stream3 Alternate Data Stream 3 ZoneId1 Zone.Identifier (if exists) entry 1 ZoneId2 Zone.Identifier (if exists) entry 2 ZoneId3 Zone.Identifier (if exists) entry 3 ZoneId4 Zone.Identifier (if exists) entry 4 -
File Open Dialog: User is asked to select a folder:
-
Results window: The outcome - user has the option to sort the results by clicking on a column. User can select all lines (Ctrl+A) or specific lines (Ctrl+click) and copy/paste (Ctrl+C and Ctrl+V) the data to a text file or MS Excel spreadsheet. The Selected lines are saved to a text file after the user presses the OK button.
-
-
References:
Zone.Identifier Zones:
ZoneID Description 0 Computer 1 Local intranet 2 Trusted sites 3 Internet 4 Restricted sites
PowerShell script to list Files/Folders that are HardLinks or Junction Points.