The marsware tool "mdir" is easier to use in my opinion than cipher but costs $. www.dmares.com Michael Burnette Rogers & Hardin LLP Atlanta, GA -----Original Message----- From: Christopher Howell [mailto:howellcat_private] Sent: Wed 1/29/2003 12:23 PM To: forensicsat_private Cc: Subject: Identifying Win2K/XP Encrypted Files Does anyone know a slick way to find encrypted files on a running Win2K/XP machine? If I am tasked with seizing one, and find it on and logged in, it would be nice to be able to identify files encrypted with Windows before I pull the plug. It seems to me the only way to do it is to view the attributes in Windows Explorer - but short of clicking down through the whole tree, I don't see how to find encrypted files that are in non-encrypted folders or a level or two down... Anyone with ideas on this? Christopher Howell State Investigator, ACCCI, ACCFT New Jersey Division of Criminal Justice Computer Analysis and Technology Unit 609-984-9411 howellcat_private ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com This message and any attachments are intended for the use of the addressee(s) only and may be confidential and covered by the attorney/client and other privileges. If the reader is not the intended recipient, DO NOT READ, notify sender and delete this message. In addition, be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 05:32:16 PST