|
|
Article DetailsThis article covers the WindowsMail.MSMessageStore database used by Windows Mail. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly gather all file signatures (file headers) from all files within a case for review and/or research purposes. This article will use the tools Header Grab Advanced, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly view and export search results from Winhex POS files to CSV format. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to quickly search for and detect any hidden worksheets present within a Microsoft Excel Workbook (xls and xlsx). This article will use the tools XLS Worksheet Detect Free and commercial versions, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
A short guide covering how to batch preview URL files used to store favorites information in Internet Explorer. This article will use the tool URL Previewer, part of the Simple Carver Suite. This article may serve as an aid to forensic examiners or data recovery technicians.
- Active Links: 10
- Pending Links: 3
- Todays Links: 0
- Total Articles: 16
- Total Categories: 4
- Sub Categories: 0
Windows Photo Gallery Primer |
| Date Added: July 14, 2009 07:58:45 PM |
| Author: admin |
| Category: Documents |
This article covers the program Windows Photo Gallery and analysis of data file typically titled pictures.pd4 file and how to extract the content for review. Windows Photo Gallery (WPG) is a multimedia management tool developed by Microsoft and comes installed as part of the Microsoft Windows Vista operating system. It is accessible from the Start menu under 'Programs'. WPG allows you to batch preview photo and video content as a series of thumbnails serving as an electronic photo album. A user can add additional information or 'tags' to each entry including comments, ratings and other descriptive information.
The above picture shows WPG running and previewing both video and picture files. New files are added from the menu option 'Add Folder to Gallery'. Files can be previewed by tag, date or by rating, views can be filtered to show only picture, video or both. The information generated when a user has previewed files using WPG is written to disk in a single file, this is typically titled 'pictures.pd4', one file exists for each profile on the computer in the following location:
VOLUME\Users\PROFILE\AppData\Local\Microsoft\Windows Photo Gallery
Information is also written to disk in the Vista Operating system thumbcache file; this is where the picture information is stored. When a user previews using WPG the generated thumbnail pictures are stored in the thumbcache files relating to that particular profile. Each user profile on the computer has its own thumbcache repository. It is important to note that the Vista operating system thumbcache is not only used by WPG, it also stores thumbnail pictures in the cache when previewing using Windows explorer.
VOLUME\Users\PROFILE\AppData\Local\Microsoft\Windows\Explorer
The WPG data file can be readily examined using the tool WPG Viewer a forensic software tool which is part of the Simple Carver Suite and is capable of reading the 'pictures.pd4' file.
The WPG data (picture.pd4) file contains a wealth of information including but not limited to File Path information, file properties, source label (hard disk drive label), source serial (volume serial number), user rating information, tag information, comments and descriptions and thumbnail moniker. |
