IEF missing Shareaz...
 
Notifications
Clear all

IEF missing Shareaza artefacts

6 Posts
3 Users
0 Likes
806 Views
Omnius
(@omnius)
Posts: 39
Eminent Member
Topic starter
 

Hi guys,

Come across a few issues with recent versions of IEF, specifically versions 6.52.0766 and 6.70.0447.

One particular concern is that it does not appear to pull out Shareaza search terms from NTUSER.dat, the Shareaza version running on the suspects machine is V2.6.0.0 which isn't exactly new.

The most recent version of IEF (v6.70.0447) fails to acknowledge any Shareaza artefacts at all despite previous IEF versions managing to locate items in Pagesys or unallocated clusters.

Main reason of this post is to alert others that they may be missing important information and to ask if others have experienced similar problems in other areas that should be noted.

 
Posted : 12/10/2015 2:48 pm
(@chris55728)
Posts: 49
Eminent Member
 

It's worth logging this with IEF Support (if you've not already done so) as they're pretty good at getting back to you in a timely fashion.

 
Posted : 12/10/2015 3:20 pm
Omnius
(@omnius)
Posts: 39
Eminent Member
Topic starter
 

They have been notified, albeit that the issue was with V2.7 of Shareaza.
They acknowledged that Shareaza had been updated to V2.7.7.0 last month and recommended updating to IEF V6.6.3.0744. But the issue is still there even with an older Shareaza version and an updated IEF.

 
Posted : 12/10/2015 3:37 pm
Omnius
(@omnius)
Posts: 39
Eminent Member
Topic starter
 

I've received a further reply, they say that current keyword results are limited to the Searches.dat file and Unallocated clusters, they are looking into adding back NTUSER.dat results soon.

 
Posted : 15/10/2015 2:04 pm
(@randomaccess)
Posts: 385
Reputable Member
 

Have you looked at writing a regripper plugin to pull out the search results from the ntuser.dat?

 
Posted : 16/10/2015 3:21 am
Omnius
(@omnius)
Posts: 39
Eminent Member
Topic starter
 

Hopefully IEF support will return soon so I won't have to, currently using AD's Reg Viewer.

 
Posted : 16/10/2015 12:16 pm
Share: