Computer Forensics World: Forums

pagefile.sys

 
forensikman (Newbie; joined: Sep 20, 2015; posts: 2)
Posted: Sun Sep 20, 2015 5:08 pm    Post subject: pagefile.sys

Hello, I am a newbie in this area.
I use WinHex Forensics.
I opened a pagefile.sys from a Win 7 OS.
I know this file was made in June 2011 and the last touch was July 2015.
OK.
In this file, I see a lot of www links and downloads.
But I don't see the date and time the link was made by the user.
With the interpreter I cannot see the right information.
How can I see the real date and time?

regards
PreferredUser (Newbie; joined: Jan 01, 2007; posts: 1130; location: USA)
Posted: Mon Sep 21, 2015 12:22 am

Do you know how Windows uses pagefile.sys?

I think you would be well served by doing a bit of reading: "http://www.iosrjournals.org/iosr-jce/papers/Vol16-issue2/Version-5/C016251116.pdf", "http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA493787", and "http://brage.bibsys.no/xmlui/bitstream/handle/11250/143807/Hameed%2BIqbal.pdf?sequence=1" would be a good start.

The pagefile.sys is stored as a bunch of 4k blocks, it is "virtual memory". Are you expecting to find a lot of contiguous files with dates and times and similar? If so you will be disappointed.
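
An added illustration of the point made in the post above (not code from either poster or from WinHex): scanning a working copy of pagefile.sys in 4 KiB pages for URL strings shows that each hit has a file offset and a page number but no date or time. The function names and the simplified URL patterns are assumptions made for this example.

```python
import mmap
import re

PAGE_SIZE = 4096  # the "4k blocks" described in the post above

# Simplified URL patterns (an assumption of this example): 8-bit text, and the
# same text as UTF-16LE, where every character is followed by a 0x00 byte.
ASCII_URL = re.compile(rb"https?://[\x21-\x7e]{4,200}")
UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")

def find_urls(data):
    """Return URL hits from a bytes-like pagefile image, sorted by offset.

    A hit records only what the pagefile supports: where the bytes sit.
    There is no timestamp field because a memory page carries none.
    """
    hits = []
    for encoding, pattern in (("ascii", ASCII_URL), ("utf-16-le", UTF16_URL)):
        for m in pattern.finditer(data):
            start, end = m.span()
            hits.append({
                "offset": start,
                "page": start // PAGE_SIZE,
                "offset_in_page": start % PAGE_SIZE,
                "encoding": encoding,
                "url": m.group().decode(encoding),
                # Neighbouring pages may hold unrelated memory, so a string
                # crossing a page boundary may be two fragments side by side.
                "spans_pages": (end - 1) // PAGE_SIZE != start // PAGE_SIZE,
            })
    return sorted(hits, key=lambda h: h["offset"])

def scan_file(path):
    """Memory-map a working copy of pagefile.sys (read-only) and scan it."""
    with open(path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return find_urls(mm)
```

Dates for such URLs have to come from other artifacts on the disk; the offsets only say where in the pagefile the string was found.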
forensikman (Newbie; joined: Sep 20, 2015; posts: 2)
Posted: Mon Sep 21, 2015 4:07 am

OK. I will read it.

I have recovered deleted files on an HD without date and time, because the PC was formatted.
WinHex cannot see these files.
How can I find the real download and save time and date?
PreferredUser (Newbie; joined: Jan 01, 2007; posts: 1130; location: USA)
Posted: Wed Sep 23, 2015 9:55 am

forensikman wrote:
I have recovered deleted files on an HD without date and time, because the PC was formatted.
True

forensikman wrote:
WinHex cannot see these files.
Or you need to use WinHex or some of the other tools that are available to perform some data carving?

forensikman wrote:
How can I find the real download and save time and date?
Learn to perform forensics on the INFO2 file and some of the other artifacts?
All times are GMT + 10 Hours