| Line 1: |
Line 1: |
| − | Thumbs.db is a file created by [[Windows]] when [[Thumbnails|thumbnail]] view is used. It is a hidden file not viewed by most users and not updated when files are moved from a folder which images have passed through or deleted. This gives a secondary chance that someone will leave behind at least partial evidence of an image in their [[Windows]] folders.
| + | I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. |
| | | | |
| − | The [[thumbnails]] in Thumbs.db are stored in the [[OLE Compound File]] format. It's the same format that [[Microsoft Office]] uses.
| + | Any thoughts, please put them on www.computer-forensics.co.uk in the forums section. |
| | | | |
| − | There is a forensic open source application developed at sourceforge called [[vinetto]] at http://sourceforge.net/projects/vinetto that can extract them. It does require a python environment. Additionally, there are several other Java solutions based around the Jakarta project that is apart of Apache. Additional resources about thumbs.db can be found in a white paper at http://www.accessdata.com/media/en_US/print/papers/wp.Thumbs_DB_Files.en_us.pdf.
| + | Thanks and regards, |
| | | | |
| − | MiTeC Windows File Analyzer [http://www.mitec.cz/wfa.html] is a tool for forensic analysis of Thumbnail Databases, [[Prefetch]] files, [[LNK | shortcuts]], IExplore Index.DAT files and Recycle Bin contents on a [[Windows]] system. It will print a report of analyzed files.
| + | Simon |
| − | | + | |
| − | = Windows Vista =
| + | |
| − | | + | |
| − | ''See [[Vista thumbcache]]''
| + | |
| − | | + | |
| − | Thumbs.db no longer exists in Vista. This data has been moved to ''\Users\\AppData\Local\Microsoft\Windows\Explorer''
| + | |
| − | | + | |
| − | [[Windows]] Vista will save thumbnails for files on mounted encrypted file systems (except [[Windows Encrypted File System | EFS]]).
| + | |
| − | | + | |
| − | [[Category:File Formats]]
| + | |
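Review bot: the removed side of this revision drops the entire Thumbs.db article (the OLE Compound File format description, the vinetto and MiTeC Windows File Analyzer references, the Windows Vista section and the [[Category:File Formats]] tag), while the added side replaces it with a directory announcement unrelated to the page topic. Suggest reverting to the prior revision and moving the announcement to a talk or community page. As it stands, the forensic reference content is lost and the page drops out of the File Formats category.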
Revision as of 12:50, 8 February 2007
I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global.
Any thoughts, please put them on www.computer-forensics.co.uk in the forums section.
Thanks and regards,
Simon