During litigation, it is normal to want to know a complete list of files within some particular directory (and its subdirectories). If the computer is running Windows, this information can be obtained using the command shell (that thing that looks like MS-DOS), using the “dir” command.
Within the command shell, navigate to the directory in question (using the “cd” command), and enter this command:
dir /s/o:gn
The output will be something like this:
Volume in drive C has no label. Volume Serial Number is XXXX-XXXX Directory of C:\Music\Rock 07/09/2017 01:43 PM <DIR> . 07/09/2017 01:43 PM <DIR> .. 07/09/2017 01:42 PM <DIR> Jimi Hendrix 07/09/2017 01:43 PM <DIR> Nirvana 07/09/2017 01:43 PM 0 out.txt 1 File(s) 0 bytes Directory of C:\Music\Rock\Jimi Hendrix 07/09/2017 01:42 PM <DIR> . 07/09/2017 01:42 PM <DIR> .. 07/09/2017 01:42 PM <DIR> Are you Experienced 0 File(s) 0 bytes Directory of C:\Music\Rock\Jimi Hendrix\Are you Experienced 07/09/2017 01:42 PM <DIR> . 07/09/2017 01:42 PM <DIR> .. 11/13/2009 11:58 PM 4,139,551 A01 - Purple Haze.wma 11/13/2009 11:58 PM 5,383,323 A02 - Manic Depression.wma 11/13/2009 11:58 PM 5,079,091 A03 - Hey Joe.wma 11/13/2009 11:58 PM 4,649,587 A04 - Love or Confusion.wma 11/13/2009 11:58 PM 4,604,847 A05 - May This be Love.wma 11/13/2009 11:58 PM 5,669,659 A06 - I Don't Live Today.wma 11/13/2009 11:58 PM 4,855,391 A07 - The Wind Cries Mary.wma 11/13/2009 11:58 PM 3,969,539 A08 - Fire.wma 11/13/2009 11:58 PM 9,749,947 A09 - Third Stone from the Sun.wma 11/13/2009 11:58 PM 4,810,651 A10 - Foxy Lady.wma 11/13/2009 11:58 PM 6,179,695 A11 - Are You Experienced.wma 11/13/2009 11:58 PM 5,222,259 A12 - Stone Free.wma 11/13/2009 11:58 PM 4,739,067 A13 - 51st Anniversary.wma 11/13/2009 11:58 PM 5,141,727 A14 - Highway Chile.wma 11/13/2009 11:58 PM 3,701,099 A15 - Can You See Me.wma 11/13/2009 11:58 PM 4,085,863 A16 - Remember.wma 11/13/2009 11:58 PM 5,580,179 A17 - Red House.wma 17 File(s) 87,561,475 bytes Directory of C:\Music\Rock\Nirvana 07/09/2017 01:43 PM <DIR> . 07/09/2017 01:43 PM <DIR> .. 07/09/2017 01:43 PM <DIR> Nevermind 0 File(s) 0 bytes Directory of C:\Music\Rock\Nirvana\Nevermind 07/09/2017 01:43 PM <DIR> . 07/09/2017 01:43 PM <DIR> .. 11/14/2009 12:04 AM 7,280,239 B01 - Smells like teen spirit.wma 11/14/2009 12:04 AM 6,152,791 B02 - In bloom.wma 11/14/2009 12:04 AM 5,311,679 B03 - Come as you are.wma 11/14/2009 12:04 AM 4,443,723 B04 - Breed.wma 11/14/2009 12:04 AM 6,197,531 B05 - Lithium.wma 11/14/2009 12:04 AM 4,273,711 B06 - Polly.wma 11/14/2009 12:04 AM 3,468,391 B07 - Territorial pissings.wma 11/14/2009 12:04 AM 5,445,899 B08 - Drain you.wma 11/14/2009 12:04 AM 3,817,363 B09 - Lounge act.wma 11/14/2009 12:04 AM 5,150,615 B10 - Stay away.wma 11/14/2009 12:04 AM 4,765,851 B11 - On a plain.wma 11/14/2009 12:04 AM 5,580,119 B12 - Something in the way.wma 08/02/2005 10:41 PM 245 tracks.txt 13 File(s) 61,888,157 bytes Total Files Listed: 31 File(s) 149,449,632 bytes 14 Dir(s) 49,474,875,392 bytes free
As you can see, it lists all of the files, in each of the sub-directories (in this case, two albums inside the folder “Rock”) and it shows the date that each file was last modified.
Now run this command:
dir /s/o:gn > out.txt
You will find a text file, in that folder, named “out.txt” containing this information (be careful: if there was already a file there named “out.txt,” it will be overwritten). From there, you can move the data to a spreadsheet like Microsoft Excel or LibreOffice Calc (which is free). For example, paste the text into Microsoft Word. Then use “find and replace” to replace all instances of “ ” (four spaces) with “^t” (the tab character). Now select all of the text and “paste special” it into your spreadsheet, choosing the “text only” option. When you paste it that way, the time/date information should be in its own column.
Now you can easily find things like: all files modified on a particular day. Or: whether any files were modified on a particular day or time, which would show that someone was using the computer. That could be evidence, for example, that an employee was at work, even if their time card shows that they had already clocked out for the day.
This information is easy to obtain from any computer running Windows. Parties in litigation have an obligation to preserve and produce ESI (electronically stored information) which includes not only relevant files, but also relevant metadata such as: when a file was created. Getting this information, by creating a text file listing out all of the files in all of the subdirectories, with the complete file names and the date they were last modified, is not burdensome at all. It can be done in minutes, using software that is already part of Microsoft Windows, and you don’t have to be an expert to do it.
You can experiment with using different parameters after the word “dir.” That way, you can do things like: get a list of files without listing the files in the subdirectory, or getting a list of files without the timestamp.