View Single Post
01 Oct 2012  
MilesAhead

Windows 7 32 bit
 
 

Quote   Quote: Originally Posted by Britton30 View Post
Since there is much discussion of overwriting the pagefile.sys I am wondering is there a way to read its contents?

I'd also like to view contents of thumbs.db (I think) just to see what if any info is stored in them.
The storage tends to be data allocated by programs. For example, if I wrote a program that changes a graphics file from one format to another, I might allocate a few hundred MB for a buffer to read the whole file into. If memory is short on the system, when another app needs memory, my data may be "swapped out" to the page file.

Program code is considered to already be "paged" in the exe file that sits on disk. That's one reason why the OS frowns on altering code in memory. That and security/malware reasons. But if you can alter the code in ram then the image on disk is not an accurate copy anymore etc..

If your machine was actually some financial server or constantly processed credit card info, then you may want to encrypt the page file for security.

Here's a couple of links with some more info.

Pagefile.sys - Forensics Wiki

Encrypt Your Windows Pagefile To Improve Security

One way to read your pagefile would be to boot a Linux CD and use a hex editor to view it. Likely some of the contents would be text. Skimming it you would likely find sections with readable text.
My System SpecsSystem Spec