Copy-PRItem Error
Opened this issue · 1 comments
valrkey commented
Describe the bug
Copy-PRItem framework function does not copy all files
To Reproduce
Steps to reproduce the behavior:
- Start Power-Response
- Select menu option
Disk - Select plugin
Retrieve-NTFSArtifacts - Execute plugin
- See error related to copying the
C:\$Extend\$UsnJrnl:$Jfile
Expected behavior
I would expect this function to copy the $UsnJrnl:$J file.
Framework vs Plugin
Is this a bug in the framework (Power-Response.ps1) or a specific plugin?
This error shows when a plugin uses the framework function Copy-PRItem on the $UsnJrnl:$J file.
System (please complete the following information):
- OS: Windows 10
- PowerShell Version: 5.1
valrkey commented
Discovered this issue also holds for Retrieve-RecycleBin plugin and trying to grab C:\$Recycle.bin\{SID}\*.