From e5bc6c1a3d4ad4aa6d145b97ca262754fc2ad9f2 Mon Sep 17 00:00:00 2001
From: maxxi
Date: Tue, 24 Mar 2026 19:21:27 +0100
Subject: [PATCH] commit after lab
---
 Get-WindowsEventActivity.ps1 | 41 ++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 Get-WindowsEventActivity.ps1
diff --git a/Get-WindowsEventActivity.ps1 b/Get-WindowsEventActivity.ps1
new file mode 100644
index 0000000..6d5102f
--- /dev/null
+++ b/Get-WindowsEventActivity.ps1
@@ -0,0 +1,41 @@
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory)]
+ [datetime]$StartTimestamp,
+ [Parameter(Mandatory)]
+ [datetime]$EndTimestamp,
+ [Parameter()]
+ [string[]]$LogFileExtension = @('log')
+)
+#03-24-2026 19:03:26
+# Code from CloudGuru/Pluralsight Lab
+# https://app.pluralsight.com/hands-on/labs/9558fe0b-2654-40c1-b5ab-2347a8a06c98
+
+$Error.Clear()
+
+#region Interrogate Windows event logs
+## Query all event logs to search
+$logs = (Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue | Where-Object {$_.RecordCount}).LogName
+## Filter event logs based on my timeframe
+$FilterTable = @{
+ 'StartTime' = $StartTimestamp
+ 'EndTime' = $EndTimestamp
+ 'LogName' = $logs
+}
+
+$winEvents = Get-WinEvent -FilterHashTable $FilterTable -ErrorAction SilentlyContinue | Sort-Object -Property TimeCreated
+$winEvents | Export-Csv -Path '.\LogActivity-eventlogs.csv' -Append
+## Output to CSV maybe here
+#endregion
+#region Interrogate text files
+## Find all local volumes
+$drives = (Get-PSDrive -PSProvider FileSystem -Scope Local -ErrorAction SilentlyContinue).where({ $_.Root -match '\w{1}:\\$'}) | Select-Object -ExpandProperty Root
+$drives = "C:\"
+$searchPattern = $LogFileExtension | ForEach-Object { "*.$_" }
+
+Get-ChildItem -Path $drives -Include $searchPattern -Recurse -File -ErrorAction SilentlyContinue |
+ Where-Object {
+ $_.LastWriteTime -ge $StartTimestamp -and $_.LastWriteTime -le $EndTimestamp } | Export-Csv -Path '.\LogActivity-textlogs.csv' -Append
+## Find all of the text files with the last write time within my timeframe
+## Output to CSV?
+#endregion
\ No newline at end of file
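Review bot: `$drives = "C:\"` immediately overwrites the volume list computed by the Get-PSDrive line above it, so the text-log sweep only ever covers C: and any log files on other local volumes are silently missed; this reads as leftover lab scaffolding and the line should be deleted (or the enumeration dropped if C: alone is intended). The `-ErrorAction SilentlyContinue` on both Get-WinEvent calls also swallows access-denied results, so a run without elevation produces a CSV with no indication that logs requiring admin rights — presumably the Security log — were skipped; capturing them with `-ErrorVariable logErrors` and emitting `if ($logErrors) { Write-Warning "Skipped $($logErrors.Count) log(s): $($logErrors.Exception.Message -join '; ')" }` keeps the triage output honest. Both Export-Csv calls append to a relative path in whatever directory the script happens to run from, so repeated runs interleave rows from different collections; a timestamped file name under an explicit `-OutputPath` parameter would make each collection reproducible. A guard that `$StartTimestamp` is not later than `$EndTimestamp` is also missing, and with it reversed both searches quietly return nothing.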