Windows Finding File Commands

Commands that find files on the filesystem and are usually executed from the context of the cmd.exe or command.exe prompt.

dir

Attributes Showing

  • Command with arguments: dir /a
  • Description: Displays files with specified attributes. Examples: D=Directories, R=Read-only files, H=Hidden files, A=Files ready for archiving, S=System files
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /a c:\
      Volume in drive C has no label. Volume Serial Number is 1A09-5F16

      Directory of c:\

      01/19/2008 03:45 AM $Recycle.Bin
      09/18/2006 04:43 PM 24 autoexec.bat
      10/08/2013 10:27 PM Boot
      04/11/2009 08:00 AM 333,257 bootmgr
      10/08/2013 10:27 PM 8,192 BOOTSECT.BAK
      09/18/2006 04:43 PM 10 config.sys
      01/19/2008 06:47 AM Documents and Settings [C:\Users]
      10/23/2013 07:39 PM 2,460,454,912 pagefile.sys
      01/19/2008 04:40 AM PerfLogs
      10/08/2013 06:36 PM Program Files
      10/08/2013 06:36 PM
      10/10/2013 07:59 PM Users
      10/23/2013 07:38 PM Windows
      5 File(s) 2,460,796,395 bytes
      10 Dir(s) 33,311,416,320 bytes free</code></div>

Recursive

  • Command with arguments: dir /b /s [directory or filename]
  • Description: Displays files recursively (all subdirectories). Good for post processing with find (example: find /I “searchstring”) or sending to another tool.
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /b /s c:\temp
      c:\Users\Default\AppData\Local\Temp
      c:\Users\johndoe\AppData\Local\Temp
      c:\Windows\Temp
      c:\Windows\assembly\temp
      c:\Windows\assembly\NativeImages_v2.0.50727_32\Temp
      c:\Windows\System32\DriverStore\Temp
      c:\Windows\winsxs\Temp

find

  • Command with arguments: [somecommand] \| find /c /v ”[searchstring]”
  • Description: Counts the number of times the [searchstring] is found in the output of [somecommand].
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>dir /a /s c:\ |find /c /v "svchost" 99184

tree

  • Command with arguments: tree C:\ /f /a > C:\output_of_tree.txt
  • Description: Prints a directory listing in tree format. The /a makes the tree printed with ASCII characters instead of special ones and the /f displays file names as well as folders.
  • Output:
    • **Windows 2008:** Show/Hide
      C:\Users\johndoe>tree C:\ /f /a
      Folder PATH listing
      Volume serial number is 1A09-5F16
      C:\
      | autoexec.bat
      | config.sys
      |
      +---PerfLogs
      +---Program Files
      | +---Common Files
      | | +---microsoft shared
      | | | +---DAO
      | | | | dao360.dll
      | | | |
      | | | +---ink
      | | | | | penchs.dll
      | | | | | pencht.dll
      | | | | | penjpn.dll
      | | | | | penkor.dll
      | | | | | penusa.dll
      | | | | | pipanel.dll
      | | | | | pipanel.exe
      | | | | | pipres.dll
      | | | | | skchobj.dll
      | | | | | skchui.dll
      | | | | |
      | | | | +---ar-SA
      | | | | | tipresx.dll.mui
      | | | | |
      [...SNIP...]