Re: pagefile.sys

Discussion in 'Microsoft Certification' started by Colin Nash [MVP], Apr 24, 2004.

  1. 8:53AM is when he booted up his computer that morning.

    Try it on your own computer-- look at what time your pagefile.sys was last
    accessed. It will probably be whenever you booted up the system.

    (I'm assuming you are following the procedure of making an exact duplicate
    of the drive and collecting your data off that and not booting up with the
    suspect's drive!! Umm I worked at a police agency for a while... not as an
    officer but they showed me stuff ;) )

    This does seem a little weird to post here though...

    Colin Nash
    Microsoft MVP
    Windows Printing/Imaging/Hardware

    "elvis" <lancepowser(removethis)> wrote in message
    > The suspects machine (Windows XP) was involved in a yahoo IM chat with

    our U.C. officers. The chat started at 3:11:10PM and went on until
    6:01:21PM. The suspect was arrested at 8:00PM when he arrived at a meeting
    place. A search warrant was obtained and a computer from a local college was
    seized. This is where the suspect was chatting from. I have a P2P connection
    established. And a yahoo profile site of our U.C. officer visited by the
    suspect. These timestamps are in the correct time frame of when the chats
    occurred and are in line with the suspects BIOS time. However, in the
    pagefile.sys folder I have found numerous remnants of the chat. The time
    stamp on on the last written and last accessed of the pagefile.sys folder
    are 8:54:32AM. I am concerned about a defense attorney questioning why these
    stamps are not in line with time of the chat. I don't see how the timezone
    of where the yahoo server would be relevant as the remnants of the chats are
    being stored in the pagefile.sys folder on the suspects Hard Drive. Why
    wouldn't the time stamp be the same as when the chats were occurring? Please
    feel free to contact me offline.
    Colin Nash [MVP], Apr 24, 2004
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew K.

    Re: pagefile.sys

    Andrew K., Apr 25, 2004, in forum: Microsoft Certification
    Colin Nash [MVP]
    Apr 29, 2004
  2. peter walker

    Re: pagefile.sys

    peter walker, Apr 26, 2004, in forum: Microsoft Certification
    peter walker
    Apr 26, 2004
  3. J E L I E L ³

    PRoblem with pagefile.sys

    J E L I E L ³, Oct 18, 2003, in forum: Computer Support
  4. Jim


    Jim, Nov 25, 2003, in forum: Computer Support
  5. Jim

    Pagefile.sys drive location?

    Jim, Nov 26, 2003, in forum: Computer Support
    Ralph Wade Phillips
    Nov 26, 2003