PowerShell utility to compress a folder or file using 7zip and split the resulting archive into 3GB or less sections.
- 7za.exe executable 'put' via Defender console
- File Name: Ginsu.ps1
- Author: Doug Metz
- Version: 1.2
This script uses 7zip (7za.exe) to compress a specified folder or file and then splits the resulting archive into sections of 3GB or less. It will work (and was designed for) sources larger than 3GB. Windows Defender Live Response currently only supports pulling back files of 3GB or less via the console. If your collection is larger than that, you will need to repackage it using Ginsu, or use a method outside of the console to retrieve the files.
When the source is a directory, output is written to a
Ginsu\subfolder inside that directory. When the source is a file, output is written to aGinsu\subfolder in the same parent directory.
.\Ginsu.ps1 [OPTIONS]
OPTIONS:
-Source <path> Directory or file to compress
Default: C:\Temp\RESPONSE
-BaseName <name> Base name for output archive (no extension)
Default: RESPONSE
-SevenZipPath <path> Folder containing 7za.exe
Default: C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads
-SplitSizeGB <n> Split size in GB (decimals supported)
Default: 3.0
-Help, -h Show help and syntax# Run with all defaults
.\Ginsu.ps1
# Compress a directory with custom basename
.\Ginsu.ps1 -Source "C:\Temp\COLLECT" -BaseName "COLLECT"
# Compress a single file
.\Ginsu.ps1 -Source "C:\Temp\RESPONSE\collection.zip" -BaseName "RESPONSE"
# Specify a custom 7za.exe location
.\Ginsu.ps1 -Source "C:\Temp\COLLECT" -BaseName "COLLECT" -SevenZipPath "D:\Tools\7zip"
# Use a smaller split size for extra margin
.\Ginsu.ps1 -Source "D:\IR\Case001" -BaseName "Case001" -SplitSizeGB 2.5