|
|
| Line 1: |
Line 1: |
| − | Thumbs.db is a file created by [[Windows]] when [[Thumbnails|thumbnail]] view is used. It is a hidden file not viewed by most users and not updated when files are moved from a folder which images have passed through or deleted. This gives a secondary chance that someone will leave behind at least partial evidence of an image in their [[Windows]] folders.
| + | {{Infobox_Software | |
| | + | name = DEFT Linux | |
| | + | maintainer = [[Stefano Fratepietro]] | |
| | + | os = {{Linux}} | |
| | + | genre = {{Live CD}} | |
| | + | license = {{GPL}}, others | |
| | + | website = [http://deft.yourside.it] | |
| | + | }} |
| | | | |
| − | The [[thumbnails]] in Thumbs.db are stored in the [[OLE Compound File]] format. It's the same format that [[Microsoft Office]] uses.
| + | '''DEFT''' is a [[Live CD]] built on top of Kubuntu with the best tools for Computer Forensic and incident response. |
| | | | |
| − | There is a forensic open source application developed at sourceforge called [[vinetto]] at http://sourceforge.net/projects/vinetto that can extract them. It does require a python environment. Additionally, there are several other Java solutions based around the Jakarta project that is apart of Apache. Additional resources about thumbs.db can be found in a white paper at http://www.accessdata.com/media/en_US/print/papers/wp.Thumbs_DB_Files.en_us.pdf.
| + | == DEFT Release == |
| | | | |
| − | MiTeC Windows File Analyzer [http://www.mitec.cz/wfa.html] is a tool for forensic analysis of Thumbnail Databases, [[Prefetch]] files, [[LNK | shortcuts]], IExplore Index.DAT files and Recycle Bin contents on a [[Windows]] system. It will print a report of analyzed files.
| + | [[DEFT Linux 1]] |
| − | | + | [[DEFT Linux 2]] |
| − | = Windows Vista/7 =
| + | |
| − | | + | |
| − | ''See [[Vista thumbcache]]''
| + | |
| − | | + | |
| − | Thumbs.db no longer exists in Vista/7 as individual files. This data has been moved to a centralized database located in ''\Users\%username%\AppData\Local\Microsoft\Windows\Explorer''
| + | |
| − | | + | |
| − | [[Windows]] Vista will save thumbnails for files on mounted encrypted file systems (except [[Windows Encrypted File System | EFS]]).
| + | |
| | | | |
| | == External Links == | | == External Links == |
| | | | |
| − | * [http://www.thumbnailexpert.com/en/formats/windows-thumbnail-cache/ Windows thumbnail cache (thumbs.db)] | + | * [http://deft.yourside.it Official Website] |
| − | | + | |
| − | [[Category:File Formats]]
| + | |
Revision as of 09:26, 16 November 2008
DEFT is a Live CD built on top of Kubuntu with the best tools for Computer Forensic and incident response.
DEFT Release
DEFT Linux 1
DEFT Linux 2
External Links
