I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. solution has helped me in very easy manner... Nihad focuses on the subject of computer forensics and anti-forensic techniques in Windows® OS, especially the digital steganography techniques. Data Hiding Techniques in Windows OS is a response to all these concerns.
Click on the "Advanced" button. Disclaimer The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Version 1.12: You can now choose the desired encoding (ANSI, UTF-8, UTF-16) to save the csv/xml/text/html files. (Under the Options menu) Version 1.11: LastActivityView now uses the 8 date/time values stored Unfortunately prefetch files are not differentiated by user.
Version 1.03: Added secondary sorting: When clicking the 'Description' column header, the list is sorted by the Description, and then by the 'Action time' column. Added secondary sorting support: You can now get a secondary sorting, by holding down the shift key while clicking the column header. Under the "View" tab, uncheck the "Show encrypted or compressed NTFS files in color" setting in the "Advanced settings" area. Steganography is the science of hiding data.
In that time, I've gotten lazy and haven't stayed on top of spyware issues on my computer as I should've. Version 1.15: Added option to show only the activity in the last xx seconds/minutes/hours/days (In 'Advanced Options' window). It is possible to have a number of files in the virtual Lost Files folder that have the same file name (and path). This is a book which may well help to discover more about that which is not in immediate view of the onlooker, and open up the mind to expand its imagination
06-18-2007, 10:20 AM #2 justpassingby
Both 32-bit and 64-bit systems are supported. For Windows XP at file offset 120 an 8 byte Windows Filetime is stored which is the Last Execution Time.
Trevor has now kindly fixed it for me and will no doubt circulate the revised script. http://www.nirsoft.net/utils/computer_activity_view.html Windows automatically compresses files that do not get used frequently, and displays those files in blue. Computer forensic investigators, law enforcement officers, intelligence services and IT security professionals need a guide to tell them where criminals can conceal their data in Windows® OS & multimedia files and
Pfdump outputs to the console and the Prefetch File Analysis enscript outputs to bookmarks.
UserAssist
UserAssist is a method used to populate a user's start menu with frequently used applications. Moving just changes a pointer in the directory. Lost Files in Encase on an NTFS volume are files that have an MFT entry but their parent folder has been deleted. Thanks, I'll be looking forward for new findings too...
This process is designed to speed up the loading of applications (with regards to application prefetching) by storing data required by the program during the first ten seconds of use in
Version 1.16: For 'Run .EXE file' actions, the version information of the .exe file is now displayed in the 'More Information' column. If you delete the entries under the above Registry keys (with RegEdit), Windows will not remember your last saved file/folder.
In my case the answer lay in two areas - Prefetch and User Assist.
Prefetch
My suspect was using Microsoft Windows XP. A possible explanation is that if the application's prefetch file is deleted, when the application is next used the prefetch run count starts again from 1.
Not only the color of the names of files, I just want to remove even the compression. Thank you
Bibliographic information
Title: Data Hiding Techniques in Windows OS: A Practical Approach to Investigation and Defense
Authors: Nihad Ahmad Hassan, Rami Hijazi
Publisher: Syngress, 2016
ISBN: 0128044969, 9780128044964
Length: 324 pages
It's a feature of the NTFS file system used by XP. IMHO, the gain of space is not big enough compared to the loss of performance and I never check the "compress old files" box when I run disk cleanup.
After you finish the translation, Run LastActivityView, and all translated strings will be loaded from the language file. User Logon: The user logged on to the system. There are many techniques currently available to encrypt and secure our communication channels. This week, that seems to have come back to haunt me.
They seem to have the view that anything currently living in unallocated clusters somehow magically arrived there and has nothing whatever to do with the computer's user. Obviously we try and
I am a freelance computer forensics consultant and welcome enquiries sent to DC1743 (at) gmail dot com
To remove the needed registry entries, go to Start -> Run and type in regedit. For information about how to edit the registry in Windows, from your desktop, click Start -> Run -> and type regedit.
How to delete the information displayed by LastActivityView... Open file or folder: The user opened the specified filename from Windows Explorer or from another software. Events log of Windows operating system: The following events are taken from the Events log of Windows: User Logon, User Logoff, Windows Installer Started, Windows Installer Ended, System Started, System Shutdown, Since the release of LastActivityView utility, many people contact me with the same question: How do I delete the information displayed by LastActivityView?
Start Using LastActivityView LastActivityView doesn't require any installation process or additional dll files. What I can suggest here is "SparseChecker" http://www.opalapps.com/sparse_checker/sparse_checker.html . Open/Save MRU list in the Registry: Every time that you choose a filename in a standard open/save dialog-box of Windows, a new Registry entry is added under the following key: On Blue Screen: Blue screen event has occurred on the system.
Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window. But if the file/folder is encrypted, the text will be green. User Logoff: The user logged off from the system. Sleep: The computer has been placed into sleep mode.
Having done this in Entries view I am sorting by selection (blue tick) then highlighting a blue ticked file, then sorting by name. License This utility is released as freeware.