Read pagefile.sys ?

[miggyal]

Hi

I have been reading an article that says private data can be read in the pagefile.sys file. What type of program do you use to view this file.
I am an administrator and want to view my pagefile.sys to see how vunerable this file is.

Also what is the advantage/disadvantage of clearing this file every shutdown?

Thanks in advance

 

[chiph]

This is the file that the operating system uses to create virtual memory. Normally, you are not able to read it as the file is locked while the system is running. But if you can boot off a bootdisk you may have access to it.

Information is written to it in 4k chunks by the operating system when it needs more memory. Information that gets written includes program code pages as well as application data pages. So anything you do on your PC could potentially end up there, unless the application was specially written not to use it (PGP encryption is one such program).

You cannot "clear" this file without trashing your OS.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[miggyal]

Will this file not be cleared when you choose to wipe pagefile on shutdown?

If the PC is started by a boot disk, will the file be readable just in DOS?

 

[chiph]

AFAIK, the file is never cleared.

The file will be readable by special programs if booting from a floppy or CD.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[miggyal]

What programs?

 

[chiph]

Do a google for computer forensic tools

But I think you're worrying over nothing.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first