Forfiles is a Windows utility commonly used in batch jobs to execute commands on one or more selected files or directories (ex: list all directories in a drive, read the first line of all files created yesterday, etc.). Forfiles can be executed from the command line, the Run window, or batch files/scripts.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1005 | Data from Local System | Forfiles can be used to act on (ex: copy, move, etc.) files/directories in a system during (ex: copy files into a staging area before).[2] |
| Enterprise | T1083 | File and Directory Discovery | Forfiles can be used to locate certain types of files/directories in a system (ex: locate all files with a specific extension, name, and/or age).[2] |
| Enterprise | T1202 | Indirect Command Execution | Forfiles can be used to subvert controls and possibly conceal command execution by not directly invoking cmd.[3][4] |
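
For defenders, the three uses in the table can be told apart in process-creation telemetry. The following is an added example, not part of the original page: it assumes events with Sysmon Event ID 1 style field names, uses constructed sample events, and applies assumed triage heuristics (any process whose parent is forfiles.exe, any explicit `/c`, and file-moving commands inside `/c`).

```python
import ntpath
import re

# Constructed process-creation events; field names follow Sysmon Event ID 1.
EVENTS = [
    {"Image": r"C:\Windows\System32\forfiles.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"forfiles /p C:\Users /s /m *.docx /d -1"},
    {"Image": r"C:\Windows\System32\forfiles.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'forfiles /P C:\Users /S /M *.docx /C "cmd /c copy @path C:\Temp\stage"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\System32\forfiles.exe",
     "CommandLine": "notepad.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

# A switch is "/x" as its own token, optionally followed by a quoted or bare value.
SWITCH = re.compile(r'(?<!\S)/([a-z])(?=\s|$)(?:\s+("[^"]*"|[^\s/]\S*))?', re.I)
# Assumed heuristic: file-moving commands inside /c suggest collection or staging.
FILE_OPS = re.compile(r"\b(copy|xcopy|robocopy|move)\b", re.I)

def parse_switches(command_line):
    """Map each forfiles switch (lower-cased) to its value, '' if it has none."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"')
            for m in SWITCH.finditer(command_line)}

def is_forfiles(path):
    return ntpath.basename(path).lower() == "forfiles.exe"

def triage(event):
    """Return the technique IDs from the table that this event is a candidate for."""
    hits = set()
    if is_forfiles(event["ParentImage"]):
        hits.add("T1202")          # child process was launched by forfiles
    if is_forfiles(event["Image"]):
        switches = parse_switches(event["CommandLine"])
        hits.add("T1083")          # every run enumerates files under /p matching /m, /d
        command = switches.get("c", "")
        if command:
            hits.add("T1202")      # forfiles asked to run a command on each match
        if FILE_OPS.search(command):
            hits.add("T1005")      # matched files are being copied or moved
    return hits

if __name__ == "__main__":
    for ev in EVENTS:
        print(sorted(triage(ev)), ev["CommandLine"])
```

The output is a candidate list for analyst review, since scheduled batch jobs that legitimately use forfiles will produce the same events.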