commit after lab

Get-WindowsEventActivity.ps1

@@ -0,0 +1,41 @@
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory)]
+    [datetime]$StartTimestamp,
+    [Parameter(Mandatory)]
+    [datetime]$EndTimestamp,
+    [Parameter()]
+    [string[]]$LogFileExtension = @('log')
+)
+#03-24-2026 19:03:26
+# Code from CloudGuru/Pluralsight Lab
+# https://app.pluralsight.com/hands-on/labs/9558fe0b-2654-40c1-b5ab-2347a8a06c98
+
+$Error.Clear()
+
+#region Interrogate Windows event logs
+## Query all event logs to search
+$logs = (Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue | Where-Object {$_.RecordCount}).LogName
+## Filter event logs based on my timeframe
+$FilterTable = @{
+    'StartTime' = $StartTimestamp
+    'EndTime' = $EndTimestamp
+    'LogName' = $logs
+}
+
+$winEvents = Get-WinEvent -FilterHashTable $FilterTable -ErrorAction SilentlyContinue | Sort-Object -Property TimeCreated 
+$winEvents | Export-Csv -Path '.\LogActivity-eventlogs.csv' -Append
+## Output to CSV maybe here
+#endregion
+#region Interrogate text files
+## Find all local volumes
+$drives = (Get-PSDrive -PSProvider FileSystem -Scope Local -ErrorAction SilentlyContinue).where({ $_.Root -match '\w{1}:\\$'}) | Select-Object -ExpandProperty Root
+$drives = "C:\"
+$searchPattern = $LogFileExtension | ForEach-Object { "*.$_" }
+
+Get-ChildItem -Path $drives -Include $searchPattern -Recurse -File -ErrorAction SilentlyContinue | 
+ Where-Object { 
+   $_.LastWriteTime -ge $StartTimestamp -and $_.LastWriteTime -le $EndTimestamp } | Export-Csv -Path '.\LogActivity-textlogs.csv' -Append
+## Find all of the text files with the last write time within my timeframe
+## Output to CSV?
+#endregion