PassMark Software

Announcement

Collapse
No announcement yet.

How to use temp files from osforensics

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to use temp files from osforensics

    Hi

    i used the osforensics from usb, and i notice that the temp folder has a 1.2 gb file. I tried to open this files, but i see that is a esedb file.

    Can i open or import this file to see the Recent Activities using OSF? Its very dificult to read this file from Esedb tools.

  • #2
    The temp folder is used to hold temporary files. It wasn't intended that the user pokes around in there to directly view / examine the files.

    Here is one example of how it works:
    When you are examining a dd image, the normal Window files system can't directly access the file in the image. Meaning that you can't view files in Windows Explorer, or directly open the the files in any utility. For example you can't use Notepad to look at a file in a dd image, as there is no drive letter, no path, etc...

    For certain activities OSF needs to use external utilities (or the Win32 API functions) on files. So to do this it extracts a copy of the file from the dd image to a temp folder, then does whatever it needs to do on the file from the temp folder (e.g. decrypt it or extract the text from it).

    So any file left around in the temp folder will be as a result of some previous action you have taken, and the file will be a copy of what is in the image itself. So there really should never be any need to view or touch the files in the temp folder.

    Note: If OSF is not running then it is safe to delete the content of the temp folder.

    Comment

    Working...
    X