Although not guaranteed, encrypted files are files with high entropy that do not have a header indicating that they are a compressed with a recognized format. Truthfully, this approach will not recognize files that are compressed with unrecognized algorithms. But for all purposes, such files are actually encrypted. I have written a small program in the past that finds encrypted files. If you wish, I could dig it up and polish it off. On Wednesday, January 29, 2003, at 12:23 PM, Christopher Howell wrote: > Does anyone know a slick way to find encrypted files on a running > Win2K/XP machine? If I am tasked with seizing one, and find it on and > logged in, it would be nice to be able to identify files encrypted > with Windows before I pull the plug. It seems to me the only way to > do it is to view the attributes in Windows Explorer - but short of > clicking down through the whole tree, I don't see how to find > encrypted files that are in non-encrypted folders or a level or two > down... > > Anyone with ideas on this? > > > Christopher Howell > State Investigator, ACCCI, ACCFT > New Jersey Division of Criminal Justice > Computer Analysis and Technology Unit > 609-984-9411 > howellcat_private > > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 05:31:43 PST