Or in Windows Explorer (at least in Windows XP Pro, which I'm running now) add file attributes to the list of columns in the file display and encrypted files will show an 'E'. (To add attributes right-click the column titles and select 'Attributes'). -----Original Message----- From: LupulDacic [mailto:scoril02002at_private] Sent: Monday, February 03, 2003 1:37 AM To: Christopher Howell; forensicsat_private Subject: Raspuns: Identifying Win2K/XP Encrypted Files there is a tool called "efsinfo" in Win2k Resource kit. It does just that, ie displays the encryption staus for the files in the curent folder. Best regards, Radu -----Mesaj original----- De la: Christopher Howell [mailto:howellcat_private] Trimis: January 29, 2003 12:23 PM Catre: forensicsat_private Subiect: Identifying Win2K/XP Encrypted Files Does anyone know a slick way to find encrypted files on a running Win2K/XP machine? If I am tasked with seizing one, and find it on and logged in, it would be nice to be able to identify files encrypted with Windows before I pull the plug. It seems to me the only way to do it is to view the attributes in Windows Explorer - but short of clicking down through the whole tree, I don't see how to find encrypted files that are in non-encrypted folders or a level or two down... Anyone with ideas on this? Christopher Howell State Investigator, ACCCI, ACCFT New Jersey Division of Criminal Justice Computer Analysis and Technology Unit 609-984-9411 howellcat_private ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 10:44:21 PST