Posted: Sun Sep 20, 2015 5:08 pm Post subject: pagefile.sys
Hello, I am a newbe in this area.
I use winhex forensics.
I open a pagefile.sys from a win 7 OS.
I know, this file was make on june 2011 and the last touch was july 2015.
In this file, I see a lot of www links and downloads.
But I don`t see the Date and time of making the Link from User.
With the Dolmetcher I cannot see the right Informations.
How can I see the real Date and Time?
I think you would be well served by doing a bit of reading: "http://www.iosrjournals.org/iosr-jce/papers/Vol16-issue2/Version-5/C016251116.pdf", "http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA493787", and "http://brage.bibsys.no/xmlui/bitstream/handle/11250/143807/Hameed%2BIqbal.pdf?sequence=1" would be a good start.
The pagefile.sys is stored as a bunch of 4k blocks, it is "virtual memory". Are you expecting to find a lot of contiguous files with dates and times and similar? If so you will be disappointed.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum