A 64 bit version is available. However, some of the options may not have been fully converted.
If you find one that is useful but not available, let me know.
As of 2003, the 16 bit versions are no longer being supported, updated or maintained.
NOTE: These (hash, diskcat, and upcopy) and other command line programs WILL process files with long filenames (> 255 characters), which are seen more and more in modern file systems. If you are using other hashing software, you should test its capability to process long filenames. (I have found that a significant number of popular stand-alone hashing programs have not been updated sufficiently to handle long filenames.)
I have tested a number of command line and GUI hashing and forensic copy programs. Some cannot process long filenames at all. Others can only find and process a single file at a time, which is not very useful in forensics. And others may be able to find a file through the GUI, but can't do a recursion. So I urge anyone who is planning on using a hashing program on a current filesystem to check the capability of the program on the filesystem they intend to use it on.
I have a file containing approximately 82 files with long filenames. You can use 7-zip to extract these files and then test your software to see if it finds them. After you download the file, you must unzip the .zip file, then use 7-zip to unzip/extract the long filename files. The file was zipped to allow for automatic download of a zip file, as most browsers don't know what to do with a .7z file extension, and the 7z file was created because I have had little to no luck using winzip or pkzip to properly store a long filename path.
After you successfully un-7zip the file structure, you can use the 64 bit diskcat.exe program to confirm that there are long filenames in the structure. Use the option --showlong; this should produce a listing of about 82 files with path/filenames greater than 255 characters.
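An independent cross-check for the long filename test described above, given as an added example (it is not part of upcopy, diskcat or the original page): it walks a tree, lists every file whose full path exceeds 255 characters, and proves each one can be opened, so the count can be compared with what the tool under test reports. The function names are assumptions made for illustration.

```python
import os
import sys

LONG_PATH_THRESHOLD = 255  # characters; the length the page's test files exceed


def to_extended(path):
    """Return an absolute path; on Windows add the extended-length prefix."""
    path = os.path.abspath(path)
    if os.name != "nt" or path.startswith("\\\\?\\"):
        return path
    if path.startswith("\\\\"):                  # UNC share: \\server\share\...
        return "\\\\?\\UNC\\" + path[2:]
    return "\\\\?\\" + path


def to_display(path):
    """Strip the extended-length prefix so lengths match what other tools show."""
    if path.startswith("\\\\?\\UNC\\"):
        return "\\\\" + path[8:]
    if path.startswith("\\\\?\\"):
        return path[4:]
    return path


def inventory_long_paths(root, threshold=LONG_PATH_THRESHOLD):
    """Recursively list files whose full path is longer than threshold.

    Returns (long_files, unreadable). long_files holds (length, path, size)
    tuples; unreadable holds (path, reason) for anything that could not be
    walked or opened, which is itself a finding worth recording.
    """
    long_files, unreadable = [], []

    def on_walk_error(err):
        unreadable.append((to_display(err.filename or ""), err.strerror or str(err)))

    for dirpath, _dirs, names in os.walk(to_extended(root), onerror=on_walk_error):
        for name in names:
            full = os.path.join(dirpath, name)
            shown = to_display(full)
            if len(shown) <= threshold:
                continue
            try:
                with open(full, "rb") as fh:     # prove the file really opens
                    fh.read(1)
                size = os.path.getsize(full)
            except OSError as exc:
                unreadable.append((shown, exc.strerror or str(exc)))
            else:
                long_files.append((len(shown), shown, size))
    return sorted(long_files), unreadable


if __name__ == "__main__":
    found, failed = inventory_long_paths(sys.argv[1] if len(sys.argv) > 1 else ".")
    for length, path, size in found:
        print(f"{length}|{size}|{path}")
    for path, reason in failed:
        print(f"UNREADABLE|{reason}|{path}")
    print(f"{len(found)} files over {LONG_PATH_THRESHOLD} characters, "
          f"{len(failed)} unreadable", file=sys.stderr)
```

Run it against the extracted test structure and compare the count with the listing your hashing or copy program produces for the same tree.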
This is a command line program.
MUST be run within a command window as administrator.
The program does not copy open/locked files like .ost files. It does not call for a shadow copy to be set in order to copy locked files. To copy locked files, the user must create a shadow copy, mount the drive, and then copy the appropriate file.
This version also can copy files from a SHADOW COPY location if used under the proper server environments. (see --SHADOW_COPY, in options section).
The upcopy program is designed to read a source and destination directory and copy only newer files from the source to destination. UPCOPY operates similar to xcopy or robocopy except with better e-discovery/forensic options. Upcopy supports the Unicode Microsoft path/name max length of 32767 characters.
A second use is to provide the program a list of files to copy to a new destination. This option (-S) is especially useful when doing some sort of update and you have a known list of files that need to be copied, and a destination root path for all of them to go to. Those in e-discovery will also find this valuable, when a list of files is obtained (by whatever forensic program you choose), and you must copy them to a drive for delivery to a client. Those using the Hashkeeper program will find this especially useful.
For forensic purposes, it can be used to forensically copy files or folders from a live system to a destination drive. This is especially useful when the users can't or won't give permission to shut down their running systems. Most often used with servers.
Its overall objective is to perform a forensic copy (update) of files from one directory to another. An excellent use is to update certain files from a hard disk to a floppy or vice versa.
It can be used to copy files only newer than certain number of days old, or all newer files regardless of age. It can be set to only copy those files that already exist, thus not adding superfluous files to the destination.
Also, when dealing with servers, and especially EDB Exchange databases, the user should consider creating a "SHADOW FILE COPY". This is a special process by which the OS properly captures the state of an open file (.EDB or other), and places it in a secure location on the drive. It can then be copied with the unicode version of the software and the user is assured of an uncorrupted data file. (see the --SHADOW option below).
Additional capabilities are added as necessary:
One capability is to provide a list of top level folders/paths (--dirs=filename) from which to copy source files. This allows the user to specify specific folders (ie: \documents and setting, \other_folders) and not traverse the entire file system.
Another capability/other option added Nov. 2007, is to provide a list (--bypass=filename) of top level FOLDERS which are to be BYPASSED. So you would start at the top of the root, but bypass \docs and settings and bypass \windows, and others. Only folder names are allowed to be bypassed. If you include a file, the program errors off.
UNC paths such as \\cpu-00\x\progs (where x is the drive letter) are acceptable to use as the source (-p option). However, they will not work if using them within a -s source_file text file. And, as expected, the logged on user MUST have proper credentials on the UNC path drive to perform the operation.
The logging options have been changed significantly (--logfile, --error, .ini). All original logging options have been replaced with more robust options. However, the -1 (one) logging option still creates a basic log file, but without lists of filenames checked, copied or passed.
During the copy process the file dates and times of the original file are maintained in the destination file attributes. However, without the -R (Reset) option, the original access time is adjusted accordingly. Users should consider resetting the registry key to NOT update last access date. Or if you are running on a Win7 or higher OS, last access is usually turned off by default.
On Sept. 8, 2010 another capability was added. Occasionally the investigator has a tree structure of many files and many sub-directories. The need here is to take all the files (or just specific named files, ie: -f *.doc) from the entire tree structure, and copy them to a single level directory. You could do it one at a time, but the added --flatten option will perform this task. It causes upcopy to copy all the specified files in the source path, to a SINGLE top level directory, and does NOT create sub-directories as is experienced in the normal usage. The --flatten option can also specify how many files are to be in a top level directory. So if you have a tremendous amount of files, you can, if necessary only copy X number per destination folder.
In addition, with the --flatten option, there is always a chance that files with similar names located in different source directories will exist. The --flatten does not differentiate in filenames, and thus if a similar filename is located as a source, it will NOT overwrite the current destination. This is the primary design of upcopy, to NOT overwrite an existing file. However, in some cases the user will want ALL the source files to be copied to the destination, even though they may have duplicate filenames. In this case, include the --nodupe option, along with the --flatten option. This --nodupe option, renames a duplicate destination filename by adding a unique index sequence. See the options section for more details. The --nodupe option ALSO by default adds the -A (all files) option.
The --bypass=[directory name(s)] is especially useful to bypass specific directories. This is helpful when copying files for discovery from a work drive. You may wish to eliminate unnecessary directories in the delivery process.
Source file type(s) (i.e. *.c) if necessary are provided by the user. The default is to copy all files (*.*)
The program locates all files in the source directory meeting the file specifications. If no source file types are provided, *.* is assumed. Source file types can contain wildcards, multiple file specs, or be blank for all (*.*) A source directory must be specified, but source file types defaults to (*.*).
If the source file list (-S) is used, then the Source files are taken to be all the files listed in the provided list. This list is a text file containing one filename (including full path) per line.
If the filetypes file (-F textfile) is used, then the filetypes found in the textfile will be used as if they were input individually using the -f filetype option. (4/2009)
When the program starts, the destination drive or directory is examined. If using the default of all files, the destination is searched for a file of similar name. If one is found, the parameters (options selected) are compared from the source file against the destination file. If the destination needs to be updated, it is. I.e. when the same file is found on the destination as in the source directory, and the destination file is older than the source file, the newer source file is copied to the destination.
If there is no destination file of the correct name, then the source file is copied to the destination. (-e overrides this operation to copy ONLY existing files).
The destination MUST be a directory or drive. If it is only a drive (-d A:) All subdirectories under the source are copied to appropriately created subdirectories on the destination.
If you are using only a drive as destination, make certain the default directory on that drive is the top level directory to start writing to. I.e. if the default on A: was A:\tmp, when the operation started, then all the copying would begin at A:\tmp and continue to create subdirectories below. If you wanted to start at A:\, then the default directory on A: should be root.
There is no check to see if the destination file is read-only. Destination Read-only files are NOT written over. (To force an overwrite of protected destination files, use the -O option. The -O option is not documented on the programs help screen.)
Various options exist to allow the user to “program” the file selection process, by file name, size, age, whether the destination exists or not and other options.
Upcopy is unicode compliant, meaning it will copy long file name files, and any file that meets the traditional long filename parameters.
The program pauses every 200 Megabytes and shows an approximate time to completion. This time can vary greatly depending on the number of files remaining, and the transfer speed of the network (if performing network copy). The more small files to process, the more I/O time is taken up and causes longer copy times. Larger files are copied faster than a lot of small files.
Copy Errors - ERROR FILE, updated/changed 2/2008
In some instances, especially when processing files using the -S (source list) option, you may find that there are some files that are NOT COPIED. In most instances this is because the file name has been generated by a program that writes UNICODE file names into a traditional text file, thus losing a significant amount of filename characters. These files are most often found in the internet cache area, and are usually .url type files. In most cases, they are of no consequence. However, they cannot be copied, because the text file which the program is reading as sources does not contain the true unicode filename, and thus the program cannot find the file.
In any case, there are files which cannot be copied. Sometimes, it is purely a windows permission problem, which the user must overcome.
The purpose of the -E error file (replaced Feb 2008, by the --error=16 option), is to provide the user with a list of files which were not copied, and provide the user with information which may be useful in performing some other manual review or copy process. In cases where it is merely a system permission problem, once the permissions have been properly set, the files can be copied. For this reason, if the -E option is chosen, another file is created with the same root name as the error file and an extension of .lst. This file has a format that can be passed to the -S option once the problem has been solved and another recovery run is needed. In effect, this new file has a clean listing of all those not copied.
C:>upcopy [source_directory] [destination_directory] [-[options]]
VERY IMPORTANT NOTE: The program can be run with only the source and destination directory on the command line (upcopy c: d:) without using any options. However, IF the destination is used without an option, the source item on the command line must also be present. This is because the source and destination (without options) are positionally specific on the command line. This means the source MUST occur before the destination. However the reverse is not true. You can list the source without an option, and pick up with the -d and other options. This capability of running without options is for quick operation (and for lazy people like myself).
C:>upcopy C:\tmp D:\tmp\old
/* copy the tree structure from C:\tmp to a new directory D:\tmp\old */
C:>upcopy -p C:\tmp -d d:\tmp\old
/* same as the first one, except this one makes use of the options */
C:>upcopy -p c:\tmp -d d:\tmp\old -f *.doc
/* copy only the *.doc files*/
C:>upcopy -p c:\tmp -d d:\tmp\old -f *.doc *.ppt
/* copy *.doc and *.ppt files */
C:>upcopy -p c:\tmp -d d:\tmp\old --logfile=c:\path\logfilename!63
/* 2008: create ALL available logfiles named logfilename, in path */
C:>upcopy -d d:\work_dir -S listfile.nam
/* copy all the files identified in the text file listfile.nam to the d:\work_dir tree */
C:>upcopy -p . -d d:\work_dir -f *.doc --flatten
/* copy all the .doc files found in the current tree, and copy them all to the d:\work_dir, NOT creating any subdirectories. */
C:>upcopy -p . -d d:\work_dir -f *.doc --flatten=1000
/* copy all the .doc files found in the current tree, and copy them all to the d:\work_dir, placing a max of 1000 files per output directory, and creating a single sub-directory for each additional 1000 files as necessary. Sub-directories are named 0001, 0002, etc as needed. */
C:>upcopy -p . -d d:\work_dir -f *.doc --flatten=1000 --nodupe
/* copy all the .doc files found in the current tree, and copy ALL of them to the d:\work_dir, placing a max of 1000 files per output directory, and creating a single sub-directory for each additional 1000 files as necessary. Sub-directories are named 0001, 0002, etc as needed, and duplicate files have an index [xxxx] added to the name. */
C:>upcopy -p . -S source_list_file.txt -d d:\tmp\old --logfile=c:\path\logfilename!63
/* Use a -S source list file and create ALL available logfiles named logfilename, in path */
C:>upcopy -p . -S source_list_file.txt --TEST -d d:\tmp\old --logfile=c:\path\logfilename!63
/* Use a -S source list file and ONLY TEST existence of the source files. MUST include a minimum NOT_COPIED_log!8. */
The latest versions (after 6/2009) have enhanced option usage. The options can also now be literal words preceded by the double -- (minus) signs. This syntax is similar to the *IX formats. The enhanced options are not included here. You should check the help screen of the program to see any particular option which has this format implemented. An example would be: instead of the -d path\folder, you could use: --destination=path\folder, or instead of the -S file option, you could use: --list=file_containing_list_to_copy.
Format NOTE: When an option is listed in the following format: -option + filename: the plus sign (+) indicates that you must include an item following the option. DO NOT INCLUDE the plus (+) in the command line.
Note: the -p and -d are required so they are placed at the top of the list
-p + src_dir: Use this directory as the source (starting point). Generally the format is: (-p C:\TOP_LEVEL_FOLDER\ANY_SUBFOLDERS). The source directory can be a network designation (i.e. \\COMPUTER_NAME\C\FOLDER_NAME). Not used if the -S option is used. (-p and -S are mutually exclusive)
-d + dest_dir: Use this as the destination directory. This is the top level destination path. Generally the format is: (-d D:\TOP_LEVEL_DEST_FOLDER\ANY_SUBFOLDERS). All files will be created under this destination, and original path will be maintained below this destination. The destination directory can be a network designation (i.e. \\COMPUTER_NAME\C\FOLDER_NAME) However, tests should be conducted to see if the destination paths are properly created.
--flatten[=xx]: Use this option when you want all the source files to be placed in a SINGLE -d destination directory (FLATTEN the tree). The program finds all the specified source files, and copies them to the single top level -d directory. The caveat here, is that files found with duplicate names, will not be copied, as the program will not create duplicate files (see --nodupe option below). So use caution that duplicate file names are not attempted to be copied. If the =XX is replaced by a value ie: flatten=100, then there will be a maximum of 100 files placed in the top level -d directory, and additional subdirectories will be created as needed, each with a max of 100 files.
--nodupe: Use (ONLY with --flatten). If you suspect that the source files will exhibit duplicate names, upcopy will not normally overwrite an existing destination file of the same name. So if a file was already copied to the destination and its name was foo.ext, then the next source file located with a name of foo.ext will NOT overwrite the already copied (existing) destination file. In some instances, regardless of how many source files have the same name, the user wants all of them copied. The --nodupe option should be added to the --flatten option. This option causes a unique index number to be added to the destination filename so that there will not be any overwriting, and all source files will be copied. So a duplicate foo.ext would be copied to a file named: foo.ext. Subsequent duplicates, regardless of their root name, will have the [xxxx] index increased by one for each duplicate file encountered. [NODUPE=ON]
NODUPE Processing NOTE:
Because of default (-tw) date checking, nodupe expects the user wants ALL files regardless of the date check. For this reason, the -A (copy ALL files) option which overrides the time check options is on by default. If you do want the date check to continue, add a +A option. The +options usually turn off the appropriate option. In this case, there will be NO date checking and all files will be copied.
-f + filetype(s): Copy only those files meeting this file type. Additional file type can be added by separating each one by a space. (i.e. -f *.c *.doc *.tmp *.ppt ). This option is overridden by -S.
-F + filetype(s)file.txt: The file: filetypesfile.txt contains (one per line) the file type to process. This is used in place of the -f option if you have many filetypes (over the 10 supported by the -f option) to process. This file can contain up to 200 filetypes to process. This option may conflict with the -S option. (4/2009)
-x + exclude_filetype(s): Exclude files meeting this file type. Additional file type(s) (up to 32) can be added by separating each one by a space. (i.e. -x *.c *.doc *.tmp *.ppt ). This option is overridden by -S.
--nocase: (10/9/2010) In rare instances when you receive or are looking at a file structure that was created on a *IX machine, you might see filenames which are identical except for case. For instance, TEST.TXT and TEST.txt. Linux/*IX operating systems are not only case sensitive they are also case retentive. Which means that both these files can live in the same directory without any collision. However, Windows is case retentive, but not case sensitive. Which means, if you copied TEST.TXT to a directory, and then tried to copy TEST.txt to the same directory, Windows would see it as an identical name, and OVERWRITE the original file, ending up with just one file in the destination. To overcome this Windows restriction, the --nocase is used to allow both files to be copied. However, since Windows will NOT allow the duplicate name, the --nocase option causes the 2nd filename to be slightly adjusted in the fashion that the --flatten option adds the index to the name. So the 2nd file would end with a name of TEST.txt. Not exactly what the original was, but close enough. As a side effect, the --nocase option also initiates by default the -A (copy all) files. Sorry, no alternative.
-S + filename: Text file (filename) containing a list, one per line, of source files to copy to the destination directory. (The names in the file MUST be filenames and not merely directories. If the source file can't be found, the program continues with the next.) The destination directory ( -d d:\option) is the top level tree where all the files will be copied. The copy maintains tree structure below the destination directory. Hashkeeper users find this very useful. (-p and -S are mutually exclusive).
The line of text containing the filename MUST be pipe ( | ) delimited if the line of text contains more information than just the filename, see samples below. (i.e. if it is the output of diskcat which also contains file size etc.). The filename MUST be left justified, without leading spaces and be the first item on the line.
If the text files contain only the filename (which is the preferred format), then there is no need for the pipe delimiters.
This file format:
F:\anydir\another\dir\filename.ext | 123456 | 09-12-2002 12:26AM
C:\anydir\anyfile | 123 | 08-12-2002 09:25AM
C:\another_dir\another_file | 12387 | 04-12-2002 09:25AM
C:\as_many_files\as_are_necessary | 122344 | 02-12-2002 09:25AM
--TEST: TEST the existence of all the files in the -S filelist. The program proceeds as if it were attempting to do the copy, but it only checks the existence of the source files. It shows as NOT_COPIED any file for which the source can't be located. In many instances, the source can't be located because of an error in the filename being provided. Pay special attention to files listed that are within containers, such as a file within a zip file or an email msg within an e-mail store such as a pst. The file listed in the -S file MUST be the top level file which is located on the drive. In order to maintain any meaningful output, you MUST also include a --logfile=xyz!8 at a minimum to show NOT_COPIED files.
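A pre-flight check for a -S list, given as an added example (it is not part of upcopy or the original page): it reads the one-filename-per-line or pipe-delimited format described above, flags entries whose characters were lost when Unicode names were written to a plain text file, and reports sources that cannot be found, much as --TEST does. The function names, the is_file hook and the sample list are assumptions constructed for illustration.

```python
import os
import sys

EXT_PREFIX = "\\\\?\\"   # extended-length prefix; its '?' is legitimate
LEADING = "leading whitespace before filename"
LOSSY = "character lost in non-Unicode export"
MISSING = "source not found or not a file"

# Constructed sample in the page's format (not real case data).
SAMPLE_LIST = (
    "F:\\anydir\\another\\dir\\filename.ext | 123456 | 09-12-2002 12:26AM\r\n"
    "C:\\anydir\\anyfile\r\n"
    "C:\\cache\\????.url | 77 | 08-12-2002 09:25AM\r\n"
    " C:\\another_dir\\another_file | 12387 | 04-12-2002 09:25AM\r\n"
    "C:\\as_many_files\\gone.doc | 122344 | 02-12-2002 09:25AM\r\n"
).encode("utf-8")


def decode_list(raw):
    """Decode list-file bytes; return (text, encoding_used)."""
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16"), "utf-16"
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig"), "utf-8"
    try:
        return raw.decode("utf-8"), "utf-8"
    except UnicodeDecodeError:
        # Legacy ANSI export: names outside the code page are already damaged.
        return raw.decode("cp1252", errors="replace"), "cp1252 (guessed)"


def parse_source_list(raw, is_file=os.path.isfile):
    """Return (sources, problems) for a -S style list.

    sources: filenames ready to hand to the copy tool.
    problems: (line_number, filename, reason) tuples to resolve first.
    """
    text, _encoding = decode_list(raw)
    sources, problems = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        name = line.split("|", 1)[0].rstrip()    # filename is the first field
        if name != name.lstrip():
            problems.append((number, name.lstrip(), LEADING))
            continue
        body = name[len(EXT_PREFIX):] if name.startswith(EXT_PREFIX) else name
        # '?' cannot occur in a Windows filename, so it marks a lost character.
        if "?" in body or "\ufffd" in body:
            problems.append((number, name, LOSSY))
        elif not is_file(name):
            problems.append((number, name, MISSING))
        else:
            sources.append(name)
    return sources, problems


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_LIST
    good, bad = parse_source_list(data)
    for number, name, reason in bad:
        print(f"line {number}: {reason}: {name}", file=sys.stderr)
    print("\n".join(good))                       # clean list, one name per line
```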
-A Copy (overwrite) ALL files. This causes all the files in the source tree to be copied. If this option is not used, only newer files, and ones that don’t exist in the destination are copied. This option causes a clean sweep of the tree. Consider adding the -O option to ensure overwrite of protected files.
-e Only copy over existing files. If the destination file doesn’t exist, it won’t be created. Without this option, all newer and files where the destination doesn’t exist are copied. Possible use is, suppose the destination only has *.doc files in the tree, but the source has *.docs, some of which DON’T already exist on the destination. If the -f *.doc option is used, ALL the doc files would be used, use this if only the existing files are to be overwritten.
-E + errorfilename "Replaced 2/2008": Create an error file which holds information regarding files not copied. This file contains a listing of all files not copied to the destination. Some reasons the file could not be copied are that the destination disk is full or the destination file is locked by the OS (ie NT locks certain files, such as system files, and they can't be accessed while locked).
-h: Perform hash of both source and destination file. This confirms a good copy.
-hs=hash_log_filename: Perform hash on ONLY the source file. (user must include an output hash_log_filename to place the hash values to.).
-hd=hash_log_filename: Perform hash on ONLY the destination file. (user must include an output hash_log_filename to place the hash values to.).
Note: the -hs and -hd options should be considered mutually exclusive, and are only useful when outputting the source or destination hash to an output file. If you wish to output "BOTH" hashes, use the -H option, which also verifies the copy.
-H + hashfile: Perform hash of both source and destination file, and record results in the file named by hashfile. Use this instead of both -hs and -hd. Also, note that the hashfile output designation is formatted differently. It needs a space after the -H, while the -hs or -hd requires an = (equal sign) and the filename. This can almost serve as a replacement for the -2 logfile option. This confirms a good copy. Performing the -H option is very time consuming.
--SHA: In addition to the hashing, calculate the SHA1 of the files. This option can only be used if the -h and -H logfile is used, as the SHA1 values are put in the logfile along with the MD5 hashes. This is a very very time consuming operation. Included in versions only after (12/9/2009)
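An independent re-verification of a finished copy, given as an added example (it is not part of upcopy and does not read its hash log): it recomputes MD5 and SHA1 for every source file and its destination counterpart and also checks that the last write time was carried over. The function names, the status labels and the 2 second tolerance (FAT stores write times at 2 second resolution) are assumptions made for illustration.

```python
import hashlib
import os
import sys


def digests(path, chunk=1 << 20):
    """Return (md5_hex, sha1_hex) for a file, reading it only once."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def verify_copy(src_root, dst_root, mtime_tolerance=2.0):
    """Compare every file under src_root with its counterpart under dst_root.

    Returns sorted (relative_path, status, src_md5, src_sha1, dst_md5, dst_sha1)
    tuples; status is OK, MISSING, HASH_MISMATCH or TIME_MISMATCH.
    """
    results = []
    for dirpath, _dirs, names in os.walk(src_root):
        for name in names:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.isfile(dst):
                s_md5, s_sha1 = digests(src)
                results.append((rel, "MISSING", s_md5, s_sha1, "", ""))
                continue
            s_md5, s_sha1 = digests(src)
            d_md5, d_sha1 = digests(dst)
            if (s_md5, s_sha1) != (d_md5, d_sha1):
                status = "HASH_MISMATCH"
            elif abs(os.path.getmtime(src) - os.path.getmtime(dst)) > mtime_tolerance:
                status = "TIME_MISMATCH"         # content equal, write time not kept
            else:
                status = "OK"
            results.append((rel, status, s_md5, s_sha1, d_md5, d_sha1))
    return sorted(results)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_copy.py SOURCE_ROOT DESTINATION_ROOT")
    rows = verify_copy(sys.argv[1], sys.argv[2])
    for row in rows:
        print(" | ".join(row))                   # pipe-delimited, one file per line
    bad = sum(1 for row in rows if row[1] != "OK")
    print(f"{len(rows)} files checked, {bad} not verified", file=sys.stderr)
    sys.exit(1 if bad else 0)
```

Reading the source to hash it touches its access time in the same way the copy does, so run this against the same shadow copy or read-only source used for the copy.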
-i Proceed Immediately with the copy. Without this option the source tree is first scanned and files are counted so the user knows how many files are involved. Use this option if you are attempting to copy over a slow network, as the initial count could take an inordinate amount of time.
-m: Automatically make the first destination if it does not exist. Without this option, if the first (top level) destination directory doesn’t exist, the user is prompted for an OK to create it. All subsequent subdirectories are automatically created without user intervention. Use this in batch file operation so no user input is needed.
-M: Same as -m, except the final destination directory will maintain the date and time of the source directory.
-nN: The lower case -n prints only the source filename to the screen. DO NOT perform the copy operation. Use this to first confirm the items which will be
The (-N) upper case version also prints the file size and the destination filename to the screen. And if the --delimiter=xx option is used, it will format with delimiters the "source | filesize | destination name" to the screen in a single line. This output can then be redirected >> to an output file for later examination or input into a spreadsheet, or passed to rm or rmd to remove the files once the copy process has taken place.
-r: DO NOT recurse through the source directory for files. The default is that the source directory is recursed and ALL subsequent files and directories are copied. The default operation emulates the XCOPY command.
-O Force an overwrite of any file that is protected, such as read only files. This has no effect on OS locked files. It has only been shown to be effective with files with the read only or hidden attribute set. This option is not documented on the program help screen.
-g + #:
-l + #:
Copy only those files (g)reater than or (l)ess than # days old. Replace the # with a valid number of days.
-g + mm-dd-yyyy[acw]
-l + mm-dd-yyyy[acw] (that's an ell, not a one).
Process only those files (g)reater (older) than or (l)ess than (newer) than this mm-dd-yyyy date. The date MUST be in the form mm-dd-yyyy. It MUST have two digit month and days (leading 0 IS required), and it MUST have a 4 digit year. The date given mm-dd-yyyy is NOT included in the calculation. Ie. if today was 01-10-2003 and you entered -l 01-09-2003 you would only process today's files. If you wanted to include those on 01-09, you should have entered -l 01-08-2003.
If any of the acw items are included, restrict the date to that type. (access, create, write)
-t[acw]: In the 32 bit version, this is used to modify the -g or -l option to specify which time type to use in the calculations. The a==access, c==create, w==last write time. Don’t forget, in WIN9X, there is no access time.
--ZERO: In some instances of file extracts from X-Ways and other forensic software, the file dates of "child" and other files are set to 00-00-0000. This file date of zero causes programs which display and / or depend on file dates to falter when filtering by file date. It also causes UPCOPY to NOT copy these files because of the erroneous date. This option, --ZERO was initiated in order to force the copying of files with no file date. When it copies those files, it sets the destination file date to 12-01-1970 00:00:00. At least, then you can filter or search for a specific file date. HOWEVER: Explorer still can't display the date. Go figure?
-G + #:
-L + #: Copy only those files (G)reater than or (L)ess than # bytes in size. Replace the # with a valid file size.
-R: Because the files are opened and read, on WINNT and WIN9X the access date is modified. This option attempts to reset the source file date back to its original.
During the copy process the file dates and times of the original file are maintained in the destination file attributes. However, without the -R (Reset) option, the original access time is adjusted accordingly.
--logfile=logfilename[appropriate masks:see below] Create an output logfile with statistical information relating to the programs operation.
-1 logfile Create an output logfile with statistical information relating to the programs operation.
-2 and -3 options discontinued as of Feb 2008 version
-2 logfile Create an output log file with statistical information. This file is more verbose than that used in the -1 logfile option, and contains a list, in 2 line format, of all the source files their destination. This file can get quite large depending on the number of files copied.
-3 logfile Create an output log file with statistical information. This file is more verbose than that used in the -1 logfile option, and contains a list, in single line format, of all the source files their destination. This file can get quite large depending on the number of files copied.
As of Feb 2008 there are 3 new ways to get logfile creations.
For ALL the logs, use -1 + logfilename!all
-1 + logfilename[[ !;|: ] xx]: Filename to create logging file(s). The '!' '|' ';' or ':' separator can be any one of the four, but only 1 is allowed. The preferred one is either a "!" (exclamation) or ":" (colon). The [xx] syntax == any of the values below added together to get the matrix of files. Logging files that may be created are:
1: default logfile: contains command line, and statistics
2: list logfile: contains list of ALL files scanned for copy
4: copied logfile: contains list of ALL files successfully copied
8: not_copied logfile: contains list of files scanned but not copied
   (this file contains files not meeting criteria PLUS copy errors)
16: error logfile: contains files meeting criteria, but had COPY error
32: renamed dupes log: destination file renamed due to duplicate
For ALL logfiles use: "logfilename!63" or greater. Normal is !31
Simple Shortcut for ALL logfiles: "logfilename!all" (use the word all).
--dirs=dirnames (9/15/2011 fixed a bug in the destination folder naming).
"dirnames" is a text file containing the full top level path of the folder(s) you wish to copy.
This pathname MUST include a source drive letter: (ie: D:\.) No error checking is performed to
see if the folders exist or not. If it exists, the files below are copied in the normal fashion.
The file is a text file, with one path/folder per line (or pipe delimited). This option is
mutually exclusive with the -S option. So don't use them together.
Sample contents of the dirname file
f:\documents and settings\johns folder
f:\documents and settings\other folder | other stuff on the line, similar to above
f:\program files\virus generators
The -d option on the command line is used as a TOP level starting point to copy all the source
files to. The paths identified in the dirnames file are APPENDED to the -d option path and thus
will start copying below the -d option. So if we used the above source paths, and had a -d option
of: -d d:\TOP\LEVEL1
the resulting destination folders would be:
d:\TOP\LEVEL1\documents and settings\johns folder
d:\TOP\LEVEL1\program files\virus generators
--SHADOW_COPY: If the user is attempting to copy all or part of a shadow copy file (see: Microsoft Volume Shadow Copy) the upcopy program may not be able to properly locate the volume shadow file. If the program cannot locate the shadow file, it is suggested that the user add this --SHADOW_COPY option. It may assist in finding and opening the file.
The pathname provided on the command line to locate the VSS (Volume Shadow Copy) is that which was provided to the user when they ran the program with the command:
vssadmin List Shadows
The program will include all the shadows it maintains, and the proper syntax for the -p option would be:
-p \\?\actual name of the shadow copy file which was provided by the command.
--bypass=filename Filename is a text file
containing the full top level path/folder of the folder(s) of folders you wish
to bypass. No error checking is performed to see if the folders exist
or not. If it exists, it will be bypassed and no files below will be
The file is a text file, with one path/folder per line.
If the "filename" is not a file containing paths, but the actual path,
it is treated as such. This --bypass= option can be included multiple
times on the command line. Once for each folder.
This option is mutually exclusive with the -S option. So don't use them
f:\documents and settings\johns folder bypass
f:\documents and settings\other folder bypass
f:\program files\virus checkers bypass
If you have an upcopy.ini file, the ini file contents are
Here are samples of the two types of output formats.
512 |D:\DRa00632\AAA00632| ==>D:\NEWDIR\DRa00632\AAA00632|
512 |D:\DRa00632\AAB00632| ==>D:\NEWDIR\DRa00632\AAB00632|