RE: Identifying Win2K/XP Encrypted Files

From: Bojan Zdrnja (Bojan.Zdrnjaat_private)
Date: Thu Jan 30 2003 - 03:45:25 PST


    > -----Original Message-----
    > From: Christopher Howell [mailto:howellcat_private]
    > Sent: 29 January 2003 18:23
    > To: forensicsat_private
    > Subject: Identifying Win2K/XP Encrypted Files
    >
    >
    > Does anyone know a slick way to find encrypted files on a
    > running Win2K/XP machine?  If I am tasked with seizing one,
    > and find it on and logged in, it would be nice to be able to
    > identify files encrypted with Windows before I pull the plug.
    >  It seems to me the only way to do it is to view the
    > attributes in Windows Explorer - but short of clicking down
    > through the whole tree, I don't see how to find encrypted
    > files that are in non-encrypted folders or a level or two down...
    >
    > Anyone with ideas on this?
    
    Use the cipher utility, which comes with Windows 2000, and with some parsing
    you'll be able to easily find encrypted files.
    If you want to run it on the whole HDD, be sure to redirect the output to a file
    which you can check later.
    
    I.e.:
    
    c:\> cipher /S:C:\ > output
    
    and then the output file will contain something like:
    
     Listing C:\
     New files added to this directory will not be encrypted.
    
     U 23990098.$$$
     E test
     U AdobeWeb.log
     U Documents and Settings
     U fport-2.0
    
    The file test is encrypted; the other files and directories are not encrypted.
    
    Best regards,
    
    Bojan Zdrnja
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
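The "some parsing" step mentioned in the reply above, as an added example that is not part of the original message: it walks a saved `cipher /S` listing and returns the full path of every entry marked `E`, plus the directories whose new files will be encrypted. It assumes the English output format shown in the message; the function name and the sample listing are constructed for illustration.

```python
import ntpath  # Windows path joining that works on any analysis host
import re
import sys

# Constructed sample in the format shown in the message above.
SAMPLE = r"""
 Listing C:\
 New files added to this directory will not be encrypted.

U 23990098.$$$
E test
U Documents and Settings

 Listing C:\Documents and Settings\alice\private\
 New files added to this directory will be encrypted.

E notes.txt
E plans 2003.doc
"""

LISTING = re.compile(r"^Listing (.+)$")
DIR_FLAG = re.compile(r"^New files added to this directory will (not )?be encrypted\.$")
ENTRY = re.compile(r"^([EU]) (.+)$")  # names may contain spaces

def parse_cipher_listing(text):
    """Return (encrypted_paths, dirs_that_encrypt_new_files)."""
    encrypted, auto_dirs, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := LISTING.match(line):
            current = m.group(1)           # directory the next entries belong to
        elif current is None:
            continue                       # ignore anything before the first listing
        elif m := DIR_FLAG.match(line):
            if m.group(1) is None:         # no "not": directory is marked for encryption
                auto_dirs.append(current)
        elif (m := ENTRY.match(line)) and m.group(1) == "E":
            encrypted.append(ntpath.join(current, m.group(2)))
    return encrypted, auto_dirs

if __name__ == "__main__":
    # Usage: python parse_cipher.py output   (falls back to the constructed sample)
    data = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    files, dirs = parse_cipher_listing(data)
    print("\n".join(files))
    print("Directories encrypting new files:", dirs)
```
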
    


