|
|
Article DetailsThis article covers the WindowsMail.MSMessageStore database used by Windows Mail. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly gather all file signatures (file headers) from all files within a case for review and/or research purposes. This article will use the tools Header Grab Advanced, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly view and export search results from Winhex POS files to CSV format. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly search for and detect any hidden worksheets present within a Microsoft Excel Workbook (xls and xlsx). This article will use the tools XLS Worksheet Detect Free and commercial versions, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to batch preview URL files used to store favorites information in Internet Explorer. This article will use the tool URL Previewer, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
- Active Links: 10
- Pending Links: 3
- Todays Links: 0
- Total Articles: 16
- Total Categories: 4
- Sub Categories: 0
Windows Search Primer |
| Date Added: February 16, 2009 01:21:41 AM |
| Author: admin |
| Category: Documents |
Windows Search is an indexed search engine released by Microsoft for the Windows OS. Windows search creates an index of the files on a computer, the type of files indexed by Windows search can be determined by the user. Searches can be performed on the filenames, file contents and meta-data. The default name for the main index database is ‘Windows.edb’ The default location for the database on Vista is: ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb This folder may also contain transaction logs and other files required for the d atabase/engine to function correctly as shown below.
The user can determine what is indexed via the Control Panel
Control Panel > Indexing Options
By reviewing the advanced options of the ‘Indexing Options’ screen you can determine which file types can be indexed and to what extent.
The screenshot below show that emails (.eml) on the example system will be indexed to include both file properties and file content.
Microsoft includes a program called ‘esentutl’ which can be used to perform basic maintenance and recovery and has 7 modes of operation displayed in the screenshot below:
The actual content of the Windows.edb can include but is not limited to: Filenames Email addresses Email message content Documents (names and content) Metadata File path informationdDate/Time information. The content of the Windows.edb file can be extracted for further inspection using the Search Index Extractor, a forensic software utility part of the SC Suite.
|
