i have txt file in drive d
can i prove that it hasnn't been copied from drive c ?
through $logfile
thanks
in other words how can i access $logfile of that text file?
thanks in advance
Please note the guidelines for forum posting
1. Provide as much information as possible. Explain why you're asking the question, describe any software or hardware in detail (including version numbers), include details about your own background or experience (if relevant).
2. Describe what you have already done to answer the question or solve the problem. Have you searched these forums? Have you Googled? What did you find?
i have txt file in drive d
can i prove that it hasnn't been copied from drive c ?
through $logfile
thanksin other words how can i access $logfile of that text file?
thanks in advance
Look for link files
Look at objids
Paul,
I'm sincerely curious…what, specifically, should the OP look for, and what about "link files" or ObjIDs would be useful in addressing their question?
Thanks.
Paul,
I'm sincerely curious…what, specifically, should the OP look for, and what about "link files" or ObjIDs would be useful in addressing their question?
Thanks.
Really, I would have thought you would know what the value of object ID's are.
But time is very short here and I dont have any resources to post links to to hand (google is your friend)
Link files may show the file name on a different volume giving an indication that the file has been copied.
Link files can also contain object ID's (as can MFT entries). Object ID's can contain a reference to the birth volume and the current volume BirthVolID and NewVolID
Oops just found these
RFC 4122 – A universally Unique Identifier (UUID) URN
http//
MS-DLTW – Distributed Link Tracking Workstation Protocol Specification
http//
MS-DTLM - Distributed Link Tracking Central Manager Protocol Specification
http//
There is also some information in the LinkAlyzer manual - dont have time to post screen shots from there - sorry. The manual is installed with the demo version.
http//
Really, I would have thought you would know what the value of object ID's are.
Sorry to bother you.
I asked a sincere question, in order to address the original poster's question, in hopes that you could provide some insight to the OP as to how Link files and ObjIDs could be used to address the question at hand. Honestly, I didn't expect such an acerbic response. Again, sorry to bother you.
i have txt file in drive d
can i prove that it hasnn't been copied from drive c ?
You may be able to provide indications that the file may have been copied (or not) from the C\ volume to the D\ volume, via time stamp analysis (depending upon the file system), per
http//
Proving definitively that something was copied is difficult without actually video-taping the user and the desktop, as the argument may be made that some other action led to the file's presence on the D\ volume.
On it's face, the use of Windows shortcut\LNK files in order to demonstrate that a file was copied from one volume to another is dependent upon the user double-clicking the file in order to open it once it's been copied.
I would recommend that you test the use of LNK files, in order to see for yourself what they can show WRT your question.
Lol so many personalities on this forum with sarcastic non-answer answers. Perhaps a prefetch thread may give some insight.
Lol so many personalities on this forum with sarcastic non-answer answers. Perhaps a prefetch thread may give some insight.
I would sincerely appreciate it if you could share your insights, as well.
Thank you.
Lol so many personalities on this forum with sarcastic non-answer answers. Perhaps a prefetch thread may give some insight.
Is it possible that you are confusing the elenchus method with sarcasm?