RE: Raspuns: Identifying Win2K/XP Encrypted Files

From: Larry Seltzer (larryat_private)
Date: Wed Feb 05 2003 - 07:16:28 PST

Next message: raymond ip: "RE: MD5 Exploit Database?"

Previous message: Simson L. Garfinkel: "confusion about 256 bits vs. 256 processors"
In reply to: LupulDacic: "Raspuns: Identifying Win2K/XP Encrypted Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Or in Windows Explorer (at least in Windows XP Pro, which I'm running now) add file
attributes to the list of columns in the file display and encrypted files will show an
'E'. (To add attributes right-click the column titles and select 'Attributes').

-----Original Message-----
From: LupulDacic [mailto:scoril02002at_private] 
Sent: Monday, February 03, 2003 1:37 AM
To: Christopher Howell; forensicsat_private
Subject: Raspuns: Identifying Win2K/XP Encrypted Files

there is a tool called "efsinfo" in Win2k Resource kit. It does just that, ie displays
the encryption staus for the files in the curent folder.

Best regards,
Radu

-----Mesaj original-----
De la: Christopher Howell [mailto:howellcat_private]
Trimis: January 29, 2003 12:23 PM
Catre: forensicsat_private
Subiect: Identifying Win2K/XP Encrypted Files

Does anyone know a slick way to find encrypted files on a running Win2K/XP machine?  If
I am tasked with seizing one, and find it on and logged in, it would be nice to be able
to identify files encrypted with Windows before I pull the plug.  It seems to me the
only way to do it is to view the attributes in Windows Explorer - but short of clicking
down through the whole tree, I don't see how to find encrypted files that are in
non-encrypted folders or a level or two down...

Anyone with ideas on this?

Christopher Howell
State Investigator, ACCCI, ACCFT
New Jersey Division of Criminal Justice
Computer Analysis and Technology Unit
609-984-9411
howellcat_private

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information
on this free incident handling, management and tracking system please see:
http://aris.securityfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information
on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: raymond ip: "RE: MD5 Exploit Database?"
Previous message: Simson L. Garfinkel: "confusion about 256 bits vs. 256 processors"
In reply to: LupulDacic: "Raspuns: Identifying Win2K/XP Encrypted Files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 10:44:21 PST