Reply: Identifying Win2K/XP Encrypted Files

From: LupulDacic (scoril02002at_private)
Date: Sun Feb 02 2003 - 22:37:13 PST

    There is a tool called "efsinfo" in the Win2k Resource Kit. It does just that,
    i.e. displays the encryption status for the files in the current folder.
    
    Best regards,
    Radu
    
    -----Original Message-----
    From: Christopher Howell [mailto:howellcat_private]
    Sent: January 29, 2003 12:23 PM
    To: forensicsat_private
    Subject: Identifying Win2K/XP Encrypted Files
    
    
    Does anyone know a slick way to find encrypted files on a running Win2K/XP
    machine?  If I am tasked with seizing one, and find it on and logged in, it
    would be nice to be able to identify files encrypted with Windows before I
    pull the plug.  It seems to me the only way to do it is to view the
    attributes in Windows Explorer - but short of clicking down through the
    whole tree, I don't see how to find encrypted files that are in
    non-encrypted folders or a level or two down...
    
    Anyone with ideas on this?
    
    
    Christopher Howell
    State Investigator, ACCCI, ACCFT
    New Jersey Division of Criminal Justice
    Computer Analysis and Technology Unit
    609-984-9411
    howellcat_private
    
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
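
An added example, not from either poster and not the efsinfo tool: one way to list every EFS-encrypted file and folder under a root, including encrypted files sitting inside non-encrypted folders, by testing the NTFS `FILE_ATTRIBUTE_ENCRYPTED` bit (0x4000) on each entry. It assumes a Python 3.5+ interpreter run on the live Windows system; `find_encrypted`, `is_efs_encrypted` and the `get_attrs` parameter are names chosen here.

```python
import os
import stat
import sys


def is_efs_encrypted(attrs):
    """True if the NTFS attribute word has FILE_ATTRIBUTE_ENCRYPTED (0x4000) set."""
    return bool(attrs & stat.FILE_ATTRIBUTE_ENCRYPTED)


def _ntfs_attrs(path):
    # st_file_attributes is only populated on Windows; elsewhere report 0.
    # lstat reads metadata only and does not open the file contents.
    return getattr(os.lstat(path), "st_file_attributes", 0)


def find_encrypted(root, get_attrs=_ntfs_attrs):
    """Walk root and return (sorted encrypted paths, [(path, error), ...]).

    Folders are checked as well as files: an encrypted folder means files
    created in it are encrypted, so it is worth recording too.
    """
    hits, errors = [], []

    def on_error(exc):
        # Unreadable directories are recorded, not silently skipped.
        errors.append((exc.filename, exc.strerror))

    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                if is_efs_encrypted(get_attrs(path)):
                    hits.append(path)
            except OSError as exc:
                errors.append((path, exc.strerror))
    return sorted(hits), errors


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, skipped = find_encrypted(scan_root)
    for p in found:
        print("ENCRYPTED", p)
    for p, why in skipped:
        print("SKIPPED", p, why, file=sys.stderr)
```
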
    
    
    



    This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 05:20:36 PST