Pagefile.sys


2 replies to this topic

#1 krm41


Posted 17 December 2007 - 08:22 AM

I was told that I could look in this file. I am assuming this is what is called the swap file. Am I right? I need to know if anyone knows of a good text editor or any other software that can open this file. Thank you so much!!!


#2 Andrew


Posted 17 December 2007 - 10:03 AM

I'm not aware of any programs that allow you to view the contents of the pagefile.sys file in a human-readable form. The Page File is essentially an extension of your system's built-in RAM and so does not store data in files and folders like we're used to seeing. The data is, rather, in binary format and is addressed very differently than long term storage (like your hard drive).

That being said, I'm sure that there is some program out there, probably used by forensic data recovery labs (like the ones used by the FBI and also commercial labs that do data recovery). As to whether there are any programs that are publicly available, I'm not sure. A cursory Google search yielded http://www.forensicbootcd.com/site/view.html which says it can extract e-mail addresses and URLs from the pagefile.

The software from http://www.ilook-forensics.org/ seems to be what you'd want, but it's only available to law enforcement.

Another site, http://www.guidancesoftware.com/products/ef_index.asp , seems to offer another program to the public, but it's not free and there's no demo download.

If you find a program, please let us know! I'd never thought about looking inside the pagefile but now you've piqued my interest.
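
Extracting e-mail addresses and URLs from a pagefile, as mentioned in the reply above, comes down to carving printable strings out of raw bytes. The sketch below is an added example, not part of the original posts or of any tool linked in them; it assumes you are working on a copy of pagefile.sys taken from an offline disk or image, and the function names and sample buffer are constructed for illustration.

```python
import mmap
import re
import sys

# Runs of 6+ printable ASCII bytes, and the same characters as UTF-16LE
# (each followed by 0x00), the encoding Windows uses for wide-character text.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
URL = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def carve_strings(data):
    """Yield printable strings found in a raw bytes-like buffer."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def scan(data):
    """Return (urls, emails) as sorted lists of unique hits."""
    urls, emails = set(), set()
    for s in carve_strings(data):
        urls.update(URL.findall(s))
        emails.update(EMAIL.findall(s))
    return sorted(urls), sorted(emails)


def scan_file(path):
    """Memory-map the file so a multi-gigabyte pagefile is not read into RAM."""
    with open(path, "rb") as f:
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return scan(mm)


# Constructed sample: binary noise around one ASCII URL and one UTF-16LE address.
SAMPLE = (b"\x00\x13\xff\xfehttp://example.com/login?id=7\x00\x9c\x01"
          + "user@example.org".encode("utf-16-le") + b"\x07\x00\xff")

if __name__ == "__main__":
    # Pass the path of a pagefile copy, or run with no argument for the sample.
    print(scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan(SAMPLE))
```

Hits carved this way carry no file or process context; they show only that the text was in memory at some point before it was paged out.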

#3 krm41


Posted 17 December 2007 - 12:23 PM

I will definitely keep you updated as I am going to pursue this... Thank you so much!



