This function is designed to be used with finding file signatures on one or more files. You can specifiy the byte offsets, number of bytes to return and even filter for a specific signature using this function. Useful for finding files that may have had the extensions changed to hide the realy type of the file.

 

This function will be used in an upcoming Hey, Scripting Guy! article. (Date to be announced later)

 

Remember to dot source the script to load the function into the current session!

 

PowerShell
Edit|Remove
. .\Get-FileSignature.ps1
 
PowerShell
Edit|Remove
#Find all ISO files with or without an .ISO extension 
Get-ChildItem -Recurse |  
Get-FileSignature -ByteLimit 5 -ByteOffset 0x8001 -HexFilter "4344 3030 31"