Identifying Win2K/XP Encrypted Files

From: Christopher Howell (howellcat_private)
Date: Wed Jan 29 2003 - 09:23:01 PST

Next message: William Sykes: "RE: IDS and forensics"

Previous message: Simson L. Garfinkel: "Re: IDS and forensics"
Next in thread: Bojan Zdrnja: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Bojan Zdrnja: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Matthew S. Hamrick: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Simson L. Garfinkel: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Burnette, Michael: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Craig Earnshaw: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Glenn_Everhartat_private: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Bob the Builder: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Dante Mercurio: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Burnette, Michael: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Altheide, Cory B.: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Kevin.M-CTR.Shannonat_private: "RE: Identifying Win2K/XP Encrypted Files"
Reply: John Howie: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Christopher Howell: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Clifford Thurber: "RE: Identifying Win2K/XP Encrypted Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Does anyone know a slick way to find encrypted files on a running Win2K/XP machine?  If I am tasked with seizing one, and find it on and logged in, it would be nice to be able to identify files encrypted with Windows before I pull the plug.  It seems to me the only way to do it is to view the attributes in Windows Explorer - but short of clicking down through the whole tree, I don't see how to find encrypted files that are in non-encrypted folders or a level or two down...

Anyone with ideas on this?


Christopher Howell
State Investigator, ACCCI, ACCFT
New Jersey Division of Criminal Justice
Computer Analysis and Technology Unit
609-984-9411
howellcat_private



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: William Sykes: "RE: IDS and forensics"
Previous message: Simson L. Garfinkel: "Re: IDS and forensics"
Next in thread: Bojan Zdrnja: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Bojan Zdrnja: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Matthew S. Hamrick: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Simson L. Garfinkel: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Burnette, Michael: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Craig Earnshaw: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Glenn_Everhartat_private: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Bob the Builder: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Dante Mercurio: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Burnette, Michael: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Altheide, Cory B.: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Kevin.M-CTR.Shannonat_private: "RE: Identifying Win2K/XP Encrypted Files"
Reply: John Howie: "RE: Identifying Win2K/XP Encrypted Files"
Reply: Christopher Howell: "Re: Identifying Win2K/XP Encrypted Files"
Reply: Clifford Thurber: "RE: Identifying Win2K/XP Encrypted Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 03:18:41 PST