I came across a server today that was running low on disk space for the OS C:\ partition. It only took a moment to find a TXT file on the root of the drive that was around 40GB in size. It goes without saying that there was no hope of Notepad opening the file to see what was in it and in fact if you try Notepad will refuse. The name of the file gave no clue what it was for and I couldn’t find any open handles to the file to identify a running process or service.
I wanted to know what content was in this text file as it might give me a clue to it’s purpose. To do this I decided to turn to PowerShell and take advantage of some of the cmdlets. If this had been a Linux box I would likely have used the tail command to read out the end of the file and this is pretty much what I do with PowerShell.
As you can see we have our TXT file located at the root of C:\
I want to see what is in this text file to try and assist with identifying it’s purpose. I’m going to use the PowerShell cmdlet Get-Content with the -Tail parameter and a value of 20 to retrieve the last twenty lines of this file and write them to the console.
PS C:\> Get-Content -Path 'C:\wod.txt' -Tail 20
Excellent – we can see the twenty lines from the end of the file and it looks like this is a log file for an SFTP solution. Now we know what the file is being used for we can contact the system asset owner and ask them to take action to reduce or remove the file if not required.
While it is useful being able to read the end of the file we may find situations where we want to look at the start of the file. PowerShell again comes to the rescue, we will use a similar command syntax but in this case we will can use the -TotalCount parameter.
PS C:\> Get-Content -Path 'C:\wod.txt' -TotalCount 20
If we knew the specific line we wished to retrieve that can also be handled via the Get-Content cmdlet.
PowerShell is great and can make short work of problems – often it is simply a matter of knowing the cmdlet you need and how to leverage it. I hope if you ever find yourself in a similar situation this information proves useful.