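[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [datetime]$StartTimestamp,

    [Parameter(Mandatory)]
    [datetime]$EndTimestamp,

    [Parameter()]
    [string[]]$LogFileExtension = @('log')
)

#03-24-2026 19:03:26
# Code from CloudGuru/Pluralsight Lab
# https://app.pluralsight.com/hands-on/labs/9558fe0b-2654-40c1-b5ab-2347a8a06c98
#
# Collects activity for a time window from two sources and appends it to CSV
# files in the current directory:
#   .\LogActivity-eventlogs.csv - Windows event log records in the window
#   .\LogActivity-textlogs.csv  - files with a matching extension whose
#                                 LastWriteTime falls in the window
#
# Parameters:
#   StartTimestamp   - start of the window (inclusive)
#   EndTimestamp     - end of the window (inclusive for the file search)
#   LogFileExtension - file extensions to search for, without the dot
#
# Coverage caveat: every query below runs with -ErrorAction SilentlyContinue,
# so a log or directory the current account cannot read is skipped without any
# message. Run from an elevated session when complete coverage matters, and
# inspect $Error afterwards to see what was skipped.

# An inverted window matches nothing; fail loudly rather than write an empty
# result that looks like "no activity".
if ($EndTimestamp -lt $StartTimestamp) {
    throw "EndTimestamp ($EndTimestamp) is earlier than StartTimestamp ($StartTimestamp)."
}

# Start from a clean error list so $Error holds only this run's errors.
$Error.Clear()

## Query all event logs to search (only logs that contain at least one record)
$logs = @(
    Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount } |
        Select-Object -ExpandProperty LogName
)

## Filter event logs based on my timeframe
# Each log is queried separately: Get-WinEvent rejects a single query that
# names more than 256 logs, and with errors silenced that rejection would
# produce an empty export with no indication of why.
$winEvents = @(
    foreach ($logName in $logs) {
        $FilterTable = @{
            'StartTime' = $StartTimestamp
            'EndTime'   = $EndTimestamp
            'LogName'   = $logName
        }
        Get-WinEvent -FilterHashtable $FilterTable -ErrorAction SilentlyContinue
    }
) | Sort-Object -Property TimeCreated

# Piping $null into Export-Csv raises a binding error, so export only when
# something was found.
if ($winEvents) {
    $winEvents | Export-Csv -Path '.\LogActivity-eventlogs.csv' -Append -NoTypeInformation
}

## Find all local volumes
$drives = (Get-PSDrive -PSProvider FileSystem -Scope Local -ErrorAction SilentlyContinue).where({ $_.Root -match '\w{1}:\\$' }) |
    Select-Object -ExpandProperty Root

# NOTE(review): this assignment discards the volume list built above, so only
# C:\ is searched and log files on any other volume are not collected. Kept
# as-is because it may be a deliberate limit for the lab; remove this line to
# search every local volume.
$drives = "C:\"

# Turn each extension into a wildcard pattern, e.g. 'log' -> '*.log'.
$searchPattern = $LogFileExtension | ForEach-Object { "*.$_" }

# LastWriteTime can be changed by anyone able to write the file, so treat the
# resulting list as a starting point and corroborate it with the event log
# export.
Get-ChildItem -Path $drives -Include $searchPattern -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $StartTimestamp -and $_.LastWriteTime -le $EndTimestamp } |
    Export-Csv -Path '.\LogActivity-textlogs.csv' -Append -NoTypeInformation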