Windows File Analyzer: A Tool for Forensic File Analysis!

While performing Windows file Forensics, some folders/files are of importance. The best example being the thumbs.db file. The thumbs.db file is a thumbnail cache that is used to store thumbnail images for Windows Explorer’s thumbnail view. This speeds up the display of images as the smaller images do not need to be recalculated every time the user views the folder. You can use the Windows File Analyzer to analyze this file and check what kind of images was the computer used to view.

Windows File Analyzer decodes and analyzes some special files/folders used by Windows OS. These files/folders are:

• Thumbs.db
• Prefetch folder
• Shortcuts (.lnk files)
• Index.DAT
• Recycle Bin folder

We have tried to list the important points as to why these files/folders are important in Windows Forensic Analysis.

• Thumbs.db: The Thumbnail Analyser in Windows File Analyzer will extract the OLE embedded data from a Thumbs.db file and present the information in a visible format.
• Prefetch folder: The Prefetch Analyser in Windows File Analyzer lists commonly used applications/files on that OS. This can help you determine what files were accessed user will access the application.
• Shortcuts: The LNK Shortcut Analyzer in Windows File Analyzer will read all shortcut files in specified folder and displays data stored in them. The .LNK files inherit the “Creation Time” and “Last Accessed Date”
  of each relevant folder in the full path.
• Index.DAT: The Index.DAT Analyzer read’s the Index.dat file and displays its content. Index.dat files usually store data of Internet Explorer cookies, temporary files or history.
• Recycle Bin folder: The Recycle Bin Analyzer decodes and displays Info2 files that hold recycle bin content information.

Operating systems supported:
Windows 95
Windows 98
Windows ME
Windows NT 4.x
Windows 2000
Windows XP
Windows 2003
Windows Vista

Download Windows File Analyzer version 1.0.0 here.

Searches leading to this post:
index dat forensic, windows file analyzer, file forensics windows, forensic file analysis, forensic file explorer, dat file analyzer, index dat file analyser, file analyzer db, how to perform file analysis windows xp, open extract thumbs db 2009, chk file analysis, windows file search tools forensics, lnk analyzer, thumbnail analyzer, forensic website scrapping windows 7, reading thumbnailcache 32 db, prefetch files windows analyzer, reading pcap files windows, prefetch file analysis, perl read thumbs db

Related Posts

• January 21, 2010 -- Windows System State Analyzer- A must have tool for system analyzers!
• March 1, 2010 -- TweakNow PowerPack : Tweak your machine fast and easy.
• February 24, 2010 -- Export all Windows Logs from the Event Viewer from a Remote Machine!
• November 9, 2009 -- ff3hr: The Firefox 3 History Recoverer!
• October 22, 2009 -- UserAssist: View the running count & last execution time of a program
• September 10, 2009 -- GrokEVT – Read Windows NT/2K/XP/2K3 event logs
• August 30, 2009 -- Advance windows recovery – Boot Sector Explorer
• August 22, 2009 -- How to perform simple and advance data recovery?
• August 1, 2009 -- Black Hat 2009 July 25-30 archive details

Tagged as: Forensics, Windows, Windows File Analyzer, windows forensics