disksnapshot

disksnapshot #

DiskSnapshot.exe


disksnapshot #

  • C:\Windows\system32\DiskSnapshot.exe -h

STDERR:

DiskSnapshot.exe [options]
	-c write detail data to console
	-i write detail data to console (same as -c)
	-s (deprecated) summary data to console
	-u process large volumes (no limit)
	-j [config] specifies an alternate config file
	-v [volume][path] specifies volume(+path) to process, e.g. "d:" or "d:\foo" 
	-d [input-file] print encoded versions of the strings in the input file, for decoding purposes
	-e prints out escalation keywords
	-k calculate checksums for files, used to investigate duplicated on-disk content (c arg required).
	-o [output-file] write detail data to a file

リターンコード: 0

>ver
Microsoft Windows [Version 10.0.19044.1288]
C:\Windows\system32\DiskSnapshot.exe
ファイル情報
サイズ85504bytes
作成日2021/10/06 22:52:38
更新日2021/10/06 22:52:38
ProductVersion10.0.19041.1081
FileVersion10.0.19041.1081 (WinBuild.160101.0800)
HashValue
MD5c2425e2246c0cbb2fca050b2d667d791
SHA1f602e32e231ef4059e517235d91fbf9eec5a7f60
SHA22409e1a0acc0e3f3ec16abf6467325fde846ac0bbd56b58c505c760799
SHA256f9a712caed73ec1392224aa13f48b154832151488e53410f1130cdf81aacf2ae
SHA38495dedde36de0f82579879ee8c41bd0e270deba5d8eba22fa795de79404cf6bb5b95d64db9cd4490d1e995c72735cc409
SHA512a1a8087b007d454f7f18840afb61d454083e172ab7ed3583cb971d8ce2397b9c063fd32ad999f439be99d7081db236f14137b0493dc498f478e2797c3c106170