Goodday all, what kind of query can I use on Windo...
# generals
SK
12/21/2020, 8:29 AMGoodday all, what kind of query can I use on Windows to get any results from device_file or device_hash or device_partitions? According to the schema on the website they are not available on Windows but they are available under 4.5.1.
SK
12/21/2020, 8:14 PMFigured it out, here some examples for Windows, first get the id for the disk partition from
disk_infoselect * from device_partitions where device = '\\.\PHYSICALDRIVE0';select * from device_file where device = '\\.\PHYSICALDRIVE0' and partition = 4;select * from device_hash where device = '\\.\PHYSICALDRIVE0' and partition = 4 and inode=0;SK
12/23/2020, 2:00 PMOr
block_devicesdisk_info4 Views