Investigation Feature - Endpoint Jobs - Directory Entry

Hi,

I’ve tried to retrieve files from an endpoint using the endpoint job > directory entry feature inside an investigation. I used the raw as well as the zip on option and after a while the job is classified as complete but I can’t see the corresponding files. Where are these files being uploaded to?

Hi @Ge72w108

what directories are you looking for exactly?

I’ll admit it’s been a while since I look at this feature so I had to test it out to get it working for me.

As an example I passed this path into the Directory Entries

Screen Shot 2022-04-27 at 11.23.54 AM

Which looked like this after the job completes

Screen Shot 2022-04-27 at 11.24.34 AM

You can drill in on files by clicking on the Eye Icon
Screen Shot 2022-04-27 at 11.25.54 AM

If the job does not complete successfully it might look like this (note the Errors)

Screen Shot 2022-04-27 at 11.27.18 AM

David

Hi David, thank you. I was looking for files in a user’s desktop folder so basically
C:\Users\xxxx\Desktop and the listing itself was working fine. I can see all the files of the directory but if I select the “ZIP On” or the “Raw” Checkbox I’m supposed to retrieve the actual files, right?

However, the files aren’t there it’s just the directory listing (metadata like path, file name, file size) and I was wondering if the actual files are stored somewhere else.