Dose Anyone Know Were Windows Secret Orphan?
Does anyone know were windows secret orphan recorded segment files are at. I know 88% of advanced windows user don’t know were or even this existed. Its the secret location that microsoft and forensics don’t want you to know about. Its a location that host invisible recorded segment events of all activity on the pc from the time it was new to current date. No its not flack of installed program or deleted items its just a log list. no its not a cookie or temp file. the reason im looking for it is because I want to use it as a way to monitor other users on my pc. to make sure there not going to site I don’t want them to and there not downloading certain things I don’t permit.This log and secret recorder is also a great way to look for certain files that might have been deleted. Note so you know this is not shadow copy in windows my friend. Its called orphan recorded segments files.secret location. I know how to remove them but that’s not my interest. I want to know were there at to view them only. (ITS NOT ANYTHING TO DO WITH SHADOW COPY)
The files are named Index.dat. They are only accessible on off-line profiles and only by editing the desktop.ini files in the folder and its parent folder. The files are binary and require special forensic tools to expose the full contents. Much of the data is stored in Alternate Data Streams and the full data is a combination of the file’s contents and the ADS stream.
This data is only accessible with purpose build forensic tools and only by making a mirror sector-by-sector copy of the drive first. I’m not aware of any on-line tools that will access the data within these files and present it in a usable format. Windows must NOT be running on the target drive that is being examined.
If 88% of the advanced windows users don’t know about how come you know it?
You have your facts mixed up. You clearly aren’t an advanced windows user as you have no idea what you’re talking about.
You get orphaned file segments if and when the filesystem (NTFS) is corrupted. Nothing more, nothing less. This has absolutely NOTHING to do with ‘secretly’ recording your actions.
An orphan file record segment is merely a collection of data in the NTFS Master File Table that references files that have been deleted and no longer exist. It is NOT an “activity log,” and merely tells you what files USED to exist on that drive. They will not tell you what sites people have been going to though, nor what they have been downloading (unless you have the records for the download folder). CHKDSK will fix them for you, but there is no reason to view them, nor will you get any useful information by doing so, unless you enjoy looking at long random strings of hexadecimals. If you want to spy on other computer users, look into a commercial activity monitor.