IDrive

Author: Thomas Burnette

description

IDrive Backup Artifacts

paths

14 paths
paths use Windows environment syntax

collection commands

# PowerShell Artifact Collection Script
# Target: IDrive
# Run as Administrator

#Requires -RunAsAdministrator

# Keep going after a non-terminating error so one unreadable artifact does not
# stop the rest of the collection.
$ErrorActionPreference = 'Continue'

# NOTE(review): $SourceRoot is not referenced anywhere else in this listing;
# every source path below is spelled out with its own drive letter.
$SourceRoot = 'C:'

# Root folder that receives one sub-folder per artifact. It should be on
# evidence media, not on the volume being examined, so the collection does
# not overwrite unallocated space on the source.
$DestBase = 'D:\Evidence'

# Running tallies, updated by Collect-Artifact and printed at the end.
$Summary = @{
    Copied = 0
    Missed = 0
    Errors = 0
}

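function Collect-Artifact {
    <#
    .SYNOPSIS
    Copies files matching a mask from every directory that a (possibly
    wildcarded) path resolves to into a named folder under $DestBase.

    .DESCRIPTION
    Reads $DestBase and updates the $Summary counters from the calling scope.
    When the path resolves to a single directory the files land directly in
    <DestBase>\<FolderName>. When it resolves to several directories (for
    example one per IDrive account under IBCOMMON\*), each one is copied into
    its own sub-folder named after the full source path, so same-named files
    from different sources cannot overwrite each other and the origin of
    every copy stays visible.

    .PARAMETER SourceDir
    Directory to collect from. Wildcards are allowed in any path segment.

    .PARAMETER FolderName
    Name of the destination folder created under $DestBase.

    .PARAMETER FileMask
    robocopy file filter; defaults to "*".
    #>
    param(
        [Parameter(Mandatory)][string]$SourceDir,
        [Parameter(Mandatory)][string]$FolderName,
        [string]$FileMask = "*"
    )
    # Expand wildcards in any path segment (e.g. 'Program Files*',
    # 'ScreenConnect Client*'). robocopy itself does not glob the source.
    $sources = @(Get-Item -Path $SourceDir -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer })
    if ($sources.Count -eq 0) {
        # Nothing resolved: the artifact is absent on this host.
        $Summary.Missed++
        return
    }
    $FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
    $null = New-Item -ItemType Directory -Force -Path $FullDest -ErrorAction SilentlyContinue
    foreach ($src in $sources) {
        $target = $FullDest
        if ($sources.Count -gt 1) {
            # Several sources share this artifact folder. Give each its own
            # sub-folder (drive colon and path separators become '_') so
            # e.g. two accounts' Tracefile.txt do not clobber one another.
            $provenance = ($src.FullName -replace '[:\\/]+', '_').Trim('_')
            $target = Join-Path -Path $FullDest -ChildPath $provenance
        }
        # /E recurses (including empty directories), /COPY:DAT keeps data,
        # attributes and timestamps, /R:0 /W:0 disables retries so locked
        # files fail fast; the /N* switches silence robocopy's own output.
        robocopy $src.FullName "$target" "$FileMask" /E /COPY:DAT /R:0 /W:0 /NP /NFL /NDL /NJH /NJS 2>$null | Out-Null
        # robocopy exit codes of 8 and above mean at least one copy failed.
        # Codes 0-7 are tallied as Copied; note that 0 means nothing matched
        # the mask, so Copied counts sources processed, not files copied.
        if ($LASTEXITCODE -le 7) { $Summary.Copied++ } else { $Summary.Errors++ }
    }
}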

# The 14 IDrive artifacts, in collection order. Each entry is splatted onto
# Collect-Artifact, so the keys must match its parameter names.
$ArtifactSpecs = @(
    # 1. IDrive Cleanup Operations
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\Session\Archive Cleanup"; FileMask = "*"; FolderName = "IDrive_Cleanup_Operations" }
    # 2. IDrive Backup Operations - one log per backup session, listing file
    #    name, directory, size and backup time plus a summary.
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\Session\Backup"; FileMask = "*"; FolderName = "IDrive_Backup_Operations" }
    # 3. IDrive Delete Operations
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\Session\Delete"; FileMask = "*"; FolderName = "IDrive_Delete_Operations" }
    # 4. IDrive Restore Operations
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\Session\Restore"; FileMask = "*"; FolderName = "IDrive_Restore_Operations" }
    # 5. IDrive Backup Summary
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\Session\LOGXML"; FileMask = "*xml"; FolderName = "IDrive_Backup_Summary" }
    # 6. IDrive Tracefile
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*"; FileMask = "Tracefile.txt"; FolderName = "IDrive_Tracefile" }
    # 7. IDrive Mapped Drives
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "IDMappedDrives.txt"; FolderName = "IDrive_Mapped_Drives" }
    # 8. IDrive Backup Schedule
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "schedule.xml"; FolderName = "IDrive_Backup_Schedule" }
    # 9. IDrive Schedule History
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "Sch_Trace.txt"; FolderName = "IDrive_Schedule_History" }
    # 10. IDrive Configuration
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "idrive.ini"; FolderName = "IDrive_Configuration" }
    # 11. IDrive Local Drives
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "get_Alldrives.txt"; FolderName = "IDrive_Local_Drives" }
    # 12. IDrive Exclusion Configurations
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "Exclude*"; FolderName = "IDrive_Exclusion_Configurations" }
    # 13. IDrive User Details
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON"; FileMask = "AutoComp.ini"; FolderName = "IDrive_User_Details" }
    # 14. IDrive SQL Database - SQLite .ibds files recording name, directory
    #     and size of files backed up from a local drive. The folder name
    #     keeps the original "Databse" spelling so output paths stay stable.
    @{ SourceDir = "C:\ProgramData\IDrive\IBCOMMON\*\LDBNEW\*"; FileMask = "*.ibds"; FolderName = "IDrive_SQL_Databse" }
)

foreach ($spec in $ArtifactSpecs) {
    Collect-Artifact @spec
}

# Final tally. Missed and Errors are worth checking before treating the
# collection as complete: the message is printed in green regardless.
$report = "Collection complete. Copied: {0}  Missed: {1}  Errors: {2}" -f $Summary.Copied, $Summary.Missed, $Summary.Errors
Write-Host $report -ForegroundColor Green

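Save as a .ps1 file and run it from an elevated (Administrator) prompt. Use: powershell -ExecutionPolicy Bypass -File script.ps1. Output is written under D:\Evidence (the script's $DestBase); point it at your evidence volume before running.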

references

notes

IDrive provides online cloud backup for PCs, Macs, iPhones, Android and other mobile devices.

The most important files are likely to be the log files located in C:\ProgramData\IDrive\IBCOMMON\*\Session\Backup\*.

A new log file is created for each backup session and contains the file name, directory, file size, and time of backup for each file as well as a backup summary.

The next most important file is likely to be C:\ProgramData\IDrive\IBCOMMON\*\LDBNEW\*\*.ibds, which is a SQLite database that contains the file name, directory, and file size of files that are backed up from a local drive.

included in collections