Pinterest Stumbleupon Whatsapp
Ads by Google

searchmyfilesHead I recently had to perform a search on a computer that is not connected to our network and I was not allowed to leave any trace behind that I was there, installed any applications or ran any searches on the machine. I had to search the machine for all files created in the last 5 days and save my results.

I accepted my James Bond-esque task equipped only with a memory stick and a very small application called SearchMyFiles from my favorite handy dandy developer NirSoft.

SearchMyFiles is a portable improvement over the standard Windows Search option. Not only can you be stealth about your activities but it is a portable app 100 Portable Apps for your USB Stick (for Mac and Win) 100 Portable Apps for your USB Stick (for Mac and Win) Read More as well. So you can throw it on a memory stick and scan to your hearts content. This will work on all Windows Operating Systems 2000 or better.

You can download the application from here. There is an installable version as well but where is the fun in that? So after downloading and running the 40kb application I saw this screen:

image

Wow that’s a lot of options! So I quickly configured it to do my bidding as you can see below:

Ads by Google

I configured it to search both local hard drives, excluding the Windows directory, return all files and folders created in the last 5 days. I hit OK and was on my way”¦ Looking over my shoulder as I went. After about 5 minutes I saw what I was looking for”¦

Then I hit up View – HTML Report  – Selected Items and like that I was done”¦ I saved the HTML file to my USB Drive and I was out.

image

image

I hate being the rat but my job is my job and this tool helped me do it. Upon removing my USB drive there was no trace of the search.

Do you have a tool that you live by? Couldn’t live without? Share it with us in the comments and let us know why it is so important to you!

  1. Roy
    September 24, 2009 at 4:04 am

    I recommend TheSearchMan.

    unlike Everything , TheSearchMan’s database is encrypted and it doesn’t show ALL files at the startup.
    The database of Everything is on the most wanted List of hackers as it lists all your files.

    TheSearchMan is a mere 30 KB download.
    It is portable also. That means NO INSTALLATION.

    Unlike Everything or Locate32 which can only search in the index, TheSearchMan can do real searching,ie, in the drive with a super fast speed.

    It searched my 50GB Seagate drive in a little over 2 seconds.
    It has bagged many 5 stars and Top Software awards.

    The interface of TheSearchMan is extremely simple.
    Just enter the path and search criteria

    TheSearchMan’s database is updated on the fly.

    The home page is:
    http://venussoftcorporation.blogspot.com/2009/08/thesearchman.html

    Its also been reviewed by ghacks and addictivetips.

  2. wolfshades
    May 25, 2009 at 9:27 am

    The "leave no trace" option is interesting. Looks like the employer is building a file, in which case you're going to be asked to perform this function a few more times. I've been down this road before myself - it's not fun but like you say, it's your job, so you have to do it. Thanks very much for the file tip!

  3. richduper
    May 14, 2009 at 9:41 am

    This guy didn't seem to be going very far to hide his activity, he could easily have used an encrypted volume, which would have rendered your handy-dandy little tool completely useless.

    • Karl L. Gechlik
      May 14, 2009 at 9:47 am

      Well he could have also used a encrypted vnc session or at least a proxy so HR didnt see the pirate bay traffic coming from his computer. But like I said he disconnects the network from the machine when it is not in use and he though he was safe...

  4. Nunya
    May 13, 2009 at 3:58 pm

    So BIOS was locked, but he left the system access unlocked while he was away from his desk?

    • Karl L. Gechlik
      May 13, 2009 at 4:03 pm

      Local administrator password FTW!

      • Nunya
        May 15, 2009 at 1:20 pm

        But that would leave a trace, it would show that last user that logged in, unless group policy is overriding that setting...

  5. Nunya
    May 13, 2009 at 3:49 pm

    So the BIOS was locked down, but he didn't password protect access to the system when he was away?

  6. Jrobie
    May 13, 2009 at 3:15 pm

    And that is why everybody in the office hates the IT guy. I'll definitely check out the program though, thanks :)

  7. Dnyanesh
    May 13, 2009 at 3:13 pm

    I've been using Everything for a quite long time. It works great. I will surely try this one out!

  8. Phil
    May 13, 2009 at 1:39 pm

    Couldn't you also use just about any Linux LiveCD?

    • Karl L. Gechlik
      May 13, 2009 at 3:22 pm

      The machine's bios was locked down and the boot to usb or cd/dvd was disabled... Hence being ordered to go and get my hands dirty.

  9. catester
    May 13, 2009 at 12:45 pm

    Nice. I've been using Everything (voidtools.com/), which is also a portable app, but I am totally going to try this. Great find.

Leave a Reply

Your email address will not be published. Required fields are marked *