FileProtect.ps1
# This uses 4 data streams to manage:
#   $DATA, which is simply the main data stream of the file (what you get when you open the file), created as part of standard file structure
#   DATABackup, which is the second copy of the data, created by the script
#   FileHash, the MD5 hash of the file, created by the script
#   FLAG, which has the error state of scanning, if any, for user intervention on validation runs.
# This also lays the groundwork for identifying duplicates across the drive through comparison of these precalc'd hashes tied to the file as well
# ADS has some strange limitations - for one, it doesn't show as using any disk, even though it very much does.
# I am not sure what happens when this starts to overflow the drive
# It should also provide a local layer of ransomware protection, to some extent. ADS is part of NTFS; after an attack you should be able to
# use the second data stream to overwrite the main data stream and recover the original file. This should not be your only layer of protection.
# Scan Mode
#   Gather files
#   For each file
#     If the file has no hash stream
#       Clone file to secondary stream
#       Hash file and set hash stream
#     Else
#       if second stream doesn't exist
#         if main stream hash matches hash
#           copy main stream to second and continue
#         else
#           flag [NoSecond] and continue
#       Calculate hash of both streams
#       if main stream doesn't match hash or second doesn't match hash
#         if main stream doesn't match hash and second doesn't match hash
#           flag [NoMatch] and continue
#         else if main stream doesn't match hash
#           flag [MainChanged] and continue
#         else if second stream doesn't match hash
#           copy main to second
# Validate Mode
#   Gather files
#   For each file
#     If the file has no hash stream
#       Clone file to secondary stream
#       Hash file and set hash stream
#     Else
#       switch flag
#         [NoSecond]
#           if user wants to open file
#             open file
#           if user wants to accept new file
#             copy main to second
#             calc hash from main
#             remove flag
#         [NoMatch]
#           if user wants to open file
#             open file
#           if user wants to accept new file
#             copy main to second
#             calc hash from main
#             remove flag
#         [MainChanged]
#           if user wants to open file
#             open file
#           if user wants to accept new file
#             copy main to second
#             calc hash from main
#             remove flag
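
The Scan Mode outline above, written out as an added PowerShell example; it is not code from this repository. The stream names DATABackup, FileHash and FLAG come from the notes; the function names and returned status strings are hypothetical, and it assumes Windows with an NTFS volume and files small enough to read into memory.

```powershell
# Added example, not the repository's code. Function names and status strings are hypothetical.
# The byte-mode switch differs between Windows PowerShell 5.1 and PowerShell 6+.
$ByteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } } else { @{ Encoding = 'Byte' } }

function Test-Stream([string]$Path, [string]$Stream) {
    [bool](Get-Item -LiteralPath $Path -Stream $Stream -ErrorAction SilentlyContinue)
}

function Get-StreamMD5([string]$Path, [string]$Stream) {
    $p = @{ LiteralPath = $Path; Raw = $true } + $ByteArgs
    if ($Stream) { $p.Stream = $Stream }              # no -Stream reads the main data stream
    [byte[]]$bytes = Get-Content @p                   # whole stream in memory (assumes small files)
    if ($null -eq $bytes) { $bytes = [byte[]]@() }    # empty stream
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try { [System.BitConverter]::ToString($md5.ComputeHash($bytes)) -replace '-' }
    finally { $md5.Dispose() }
}

function Copy-MainToBackup([string]$Path) {
    $bytes = Get-Content -LiteralPath $Path -Raw @ByteArgs
    Set-Content -LiteralPath $Path -Stream DATABackup -Value $bytes @ByteArgs
}

function Set-Flag([string]$Path, [string]$Flag) {
    Set-Content -LiteralPath $Path -Stream FLAG -Value $Flag
    $Flag                                             # returned so the caller can report it
}

function Invoke-FileScan([string]$Path) {
    if (-not (Test-Stream $Path FileHash)) {          # first sighting: clone, then record hash
        Copy-MainToBackup $Path
        Set-Content -LiteralPath $Path -Stream FileHash -Value (Get-StreamMD5 $Path)
        return 'Initialized'
    }
    $stored = (Get-Content -LiteralPath $Path -Stream FileHash -Raw).Trim()
    $mainOk = (Get-StreamMD5 $Path) -eq $stored
    if (-not (Test-Stream $Path DATABackup)) {
        if ($mainOk) { Copy-MainToBackup $Path; return 'BackupRecreated' }
        return Set-Flag $Path 'NoSecond'
    }
    $backupOk = (Get-StreamMD5 $Path DATABackup) -eq $stored
    if ($mainOk -and $backupOk)           { return 'OK' }
    if (-not $mainOk -and -not $backupOk) { return Set-Flag $Path 'NoMatch' }
    if (-not $mainOk)                     { return Set-Flag $Path 'MainChanged' }
    Copy-MainToBackup $Path                           # only the backup drifted: refresh it
    'BackupRefreshed'
}

# Constructed usage (the directory is a placeholder):
# Get-ChildItem 'C:\Temp\ads-demo' -File -Recurse | ForEach-Object { [pscustomobject]@{ File = $_.FullName; State = Invoke-FileScan $_.FullName } }
```

Both the hash and the backup live inside the file they protect, so any process that can write the file can also rewrite or delete those streams, and the streams are dropped when the file is copied to a non-NTFS volume.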