IEF missing Shareaz...
 
Notifications
Clear all

IEF missing Shareaza artefacts  

  RSS
Omnius
(@omnius)
Junior Member

Hi guys,

Come across a few issues with recent versions of IEF, specifically versions 6.52.0766 and 6.70.0447.

One particular concern is that it does not appear to pull out Shareaza search terms from NTUSER.dat, the Shareaza version running on the suspects machine is V2.6.0.0 which isn't exactly new.

The most recent version of IEF (v6.70.0447) fails to acknowledge any Shareaza artefacts at all despite previous IEF versions managing to locate items in Pagesys or unallocated clusters.

Main reason of this post is to alert others that they may be missing important information and to ask if others have experienced similar problems in other areas that should be noted.

Quote
Posted : 12/10/2015 3:48 pm
Chris55728
(@chris55728)
Junior Member

It's worth logging this with IEF Support (if you've not already done so) as they're pretty good at getting back to you in a timely fashion.

ReplyQuote
Posted : 12/10/2015 4:20 pm
Omnius
(@omnius)
Junior Member

They have been notified, albeit that the issue was with V2.7 of Shareaza.
They acknowledged that Shareaza had been updated to V2.7.7.0 last month and recommended updating to IEF V6.6.3.0744. But the issue is still there even with an older Shareaza version and an updated IEF.

ReplyQuote
Posted : 12/10/2015 4:37 pm
Omnius
(@omnius)
Junior Member

I've received a further reply, they say that current keyword results are limited to the Searches.dat file and Unallocated clusters, they are looking into adding back NTUSER.dat results soon.

ReplyQuote
Posted : 15/10/2015 3:04 pm
randomaccess
(@randomaccess)
Active Member

Have you looked at writing a regripper plugin to pull out the search results from the ntuser.dat?

ReplyQuote
Posted : 16/10/2015 4:21 am
Omnius
(@omnius)
Junior Member

Hopefully IEF support will return soon so I won't have to, currently using AD's Reg Viewer.

ReplyQuote
Posted : 16/10/2015 1:16 pm
Share: