Nihad focuses on the subject of computer forensics and anti-forensic techniques in Windows® OS, especially the digital steganography techniques. Data Hiding Techniques in Windows OS is a response to all these concerns.

Click on the "Advanced" button. Disclaimer The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Version 1.12: You can now choose the desired encoding (ANSI, UTF-8, UTF-16) to save the csv/xml/text/html files. (Under the Options menu) Version 1.11: LastActivityView now uses the 8 date/time values stored Unfortunately prefetch files are not differentiated by user.

Version 1.03: Added secondary sorting: When clicking the 'Description' column header, the list is sorted by the Description, and then by the 'Action time' column. Added secondary sorting support: You can now get a secondary sorting, by holding down the shift key while clicking the column header. Under the "View" tab, uncheck the "Show encrypted or compressed NTFS files in color" setting in the "Advanced settings" area. Steganography is the science of hiding data.

  1. Thanks, I'll be looking forward for new findings too... :)
  2. I had only one user in my case and the UserAssist count was significantly greater albeit that both were four figure numbers.
  3. LastActivityView uses this folder for 'Run .EXE file' event.
Version 1.15: Added option to show only the activity in the last xx seconds/minutes/hours/days (In 'Advanced Options' window). It is possible to have a number of files in the virtual Lost Files folder that have the same file name (and path).

http://www.tomshardware.com/forum/17930-63-decompress-blue-files-compressed

How To Change Folder Name Color In Windows 7 solution has helped me in very easy manner... Both 32-bit and 64-bit systems are supported. For Windows XP at file offset 120 an 8 byte Windows Filetime is stored which is the Last Execution Time.

Trevor has now kindly fixed it for me and will no doubt circulate the revised script. http://www.nirsoft.net/utils/computer_activity_view.html Windows automatically compresses files that do not get used frequently, and displays those files in blue. Computer forensic investigators, law enforcement officers, intelligence services and IT security professionals need a guide to tell them where criminals can conceal their data in Windows® OS & multimedia files and

Pfdump outputs to the console and the Prefetch File Analysis enscript outputs to bookmarks.

UserAssist

UserAssist is a method used to populate a user's start menu with frequently used applications. Moving just changes a pointer in the directory. Lost Files in Encase on an NTFS volume are files that have an MFT entry but their parent folder has been deleted.

This process is designed to speed up the loading of applications (with regards to application prefetching) by storing data required by the program during the first ten seconds of use in Version 1.16: For 'Run .EXE file' actions, the version information of the .exe file is now displayed in the 'More Information' column. If you delete the entries under the above Registry keys (with RegEdit), Windows will not remember your last saved file/folder.

In my case the answer lay in two areas - Prefetch and User Assist.

Prefetch

My suspect was using Microsoft Windows XP. A possible explanation is that if the application's prefetch file is deleted when the application is next used the prefetch run count starts again from 1.

References

https://42llc.net/index.php?option=com_myblog&show=Prefetch-Files-Revisited.html&Itemid=39
http://en.wikipedia.org/wiki/Prefetcher
http://members.rushmore.com/~jsky/id14.html
http://members.rushmore.com/~jsky/id37.html
http://jessekornblum.com/presentations/dodcc08-2.pdf

Not only the color of the names of files, I just want to remove even the compression thank you

Ijack, Apr 7, 2011, 4:38 AM: Yes.

Bibliographic information. Title: Data Hiding Techniques in Windows OS: A Practical Approach to Investigation and Defense. Authors: Nihad Ahmad Hassan, Rami Hijazi. Publisher: Syngress, 2016. ISBN: 0128044969, 9780128044964. Length: 324 pages.

It's a feature of the NTFS file system used by XP. IMHO, the gain of space is not big enough compared to the loss of performance and I never check the "compress old files" box when I run disk cleanup.

After you finish the translation, Run LastActivityView, and all translated strings will be loaded from the language file. User Logon: The user logged on to the system. There are many techniques currently available to encrypt and secure our communication channels. This week, that seems to have come back to haunt me.

They seem to have the view that anything currently living in unallocated clusters somehow magically arrived there and has nothing whatever to do with the computer's user. Obviously we try and I am a freelance computer forensics consultant and welcome enquiries sent to DC1743 (at) gmail dot com To remove the needed registry entries, go to Start -> Run and type in regedit. For information about how to edit the registry in Windows, from your desktop, click Start -> Run -> and type regedit.

How to delete the information displayed by LastActivityView... Open file or folder: The user opened the specified filename from Windows Explorer or from another software. Events log of Windows operating system: The following events are taken from the Events log of Windows: User Logon, User Logoff, Windows Installer Started, Windows Installer Ended, System Started, System Shutdown, Since the release of LastActivityView utility, many people contact me with the same question: How do I delete the information displayed by LastActivityView ?

Start Using LastActivityView LastActivityView doesn't require any installation process or additional dll files. What I can suggest here is "SparseChecker" http://www.opalapps.com/sparse_checker/sparse_checker.html . Open/Save MRU list in the Registry: Every time that you choose a filename in a standard open/save dialog-box of Windows, a new Registry entry is added under the following key: On Blue Screen: A blue screen event has occurred on the system.

Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window. But if the file/folder is encrypted, the text will be green. User Logoff: The user logged off from the system. Sleep: The computer has been placed into sleep mode.

Having done this in Entries view I am sorting by selection (blue tick) then highlighting a blue ticked file, then sorting by name. License This utility is released as freeware.

