Difference between pages "1X EVDO" and "Thumbs.db"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
 
m
 
Line 1: Line 1:
1X EVDO stands for EVolution Data Optimized, a wireless broadband data standard used in many CDMA providers
+
Thumbs.db is a file created by windows when thumbnail view is used. It is a hidden file not viewed by most users and not updated when files are moved from a folder which images have passed through or deleted.  This gives a secondary chance that someone will leave behind at least partial evidence of an image in their windows folders.
around the world. QualComm had the initial design in 1999 to meet IMT-2000 (International Mobile Telecommunications-2000) standards being better than 2Mbit/s downlink for stationary communications.  
+
  
Verizon currently implements 1X EVDO called V Cast for high speed data speeds for mobile phones. Verizon and Sprint both provide this service in most major U.S. cities. EVDO is based the 1xRTT standard technology that provides two to three times internet speed of dial-up. Since it is based on 1xRTT, if an user goes outside of the EVDO coverage zone, the user automatically is transferred to 1xRTT standard making internet access very convenient.
+
The thumbnails in Thumbs.db are stored in a OLE 2 Compound Document format. It's the same format that MS Office uses.  
  
The advantages Evdo has over WiFi is that it has seamless roaming, customers can access corporate VPN anywhere they can get a signal, realtime downloads, and signal travel on cell phone cell sites.
+
There is a forensic application developed under the open source project over at sourceforge called vinetto at http://sourceforge.net/projects/vinetto that can extract them.  It does require a python enviornment.  Additionally there are several other java solutions based around the Jakarta project that is apart of Apache.  Additional resources about thumbs.db can be found in a white paper at http://www.accessdata.com/media/en_US/print/papers/wp.Thumbs_DB_Files.en_us.pdf.
 +
 
 +
=Windows Vista=
 +
Thumbs.db no longer exists in Vista.  This data has been moved to ''User Profile/Application Data/Microsoft Internet Explorer/Thumbscache32, 96 and 128'''

Revision as of 00:00, 15 October 2007

Thumbs.db is a file created by windows when thumbnail view is used. It is a hidden file not viewed by most users and not updated when files are moved from a folder which images have passed through or deleted. This gives a secondary chance that someone will leave behind at least partial evidence of an image in their windows folders.

The thumbnails in Thumbs.db are stored in a OLE 2 Compound Document format. It's the same format that MS Office uses.

There is a forensic application developed under the open source project over at sourceforge called vinetto at http://sourceforge.net/projects/vinetto that can extract them. It does require a python enviornment. Additionally there are several other java solutions based around the Jakarta project that is apart of Apache. Additional resources about thumbs.db can be found in a white paper at http://www.accessdata.com/media/en_US/print/papers/wp.Thumbs_DB_Files.en_us.pdf.

Windows Vista

Thumbs.db no longer exists in Vista. This data has been moved to User Profile/Application Data/Microsoft Internet Explorer/Thumbscache32, 96 and 128'

Retrieved from "http://www.forensicswiki.org/w/index.php?title=1X_EVDO&oldid=5764"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox