SearchMyFiles lets you Search Windows without Leaving Traces

May. 13th, 2009 By Karl L. Gechlik

I recently had to perform a search on a computer that is not connected to our network, and I was not allowed to leave behind any trace that I had been there, installed any applications or run any searches on the machine. I had to search the machine for all files created in the last 5 days and save my results.

I accepted my James Bond-esque task equipped only with a memory stick and a very small application called SearchMyFiles from my favorite handy dandy developer NirSoft.

SearchMyFiles is a portable improvement over the standard Windows Search option. Not only can you be stealthy about your activities, but it is a portable app as well, so you can throw it on a memory stick and scan to your heart's content. This will work on all Windows operating systems, 2000 or better.

You can download the application from here. There is an installable version as well, but where is the fun in that? So after downloading and running the 40 KB application I saw this screen:

image

Wow, that’s a lot of options! So I quickly configured it to do my bidding, as you can see below:

I configured it to search both local hard drives, excluding the Windows directory, and return all files and folders created in the last 5 days. I hit OK and was on my way… looking over my shoulder as I went. After about 5 minutes I saw what I was looking for…

Then I hit up View – HTML Report – Selected Items and like that I was done… I saved the HTML file to my USB drive and I was out.
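The same search criteria (both local drives, Windows directory excluded, created in the last 5 days, HTML report) written out as a script. This is an added example, not part of the original article and not NirSoft's code; the function names, drive letters and report filename are assumptions.

```python
import html
import os
import time

def created_at(st):
    # st_birthtime where the platform exposes it; on Windows st_ctime is also
    # creation time. On NTFS a copied file gets a fresh creation time.
    return getattr(st, "st_birthtime", st.st_ctime)

def find_recent(roots, excluded, days=5, now=None):
    """Return (path, size, created) for files and folders created within `days`."""
    cutoff = (time.time() if now is None else now) - days * 86400
    skip = {os.path.normcase(os.path.abspath(p)) for p in excluded}
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            # Prune excluded folders in place so os.walk never descends into them.
            dirnames[:] = [
                d for d in dirnames
                if os.path.normcase(os.path.abspath(os.path.join(dirpath, d))) not in skip
            ]
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # locked or vanished entry: skip it, keep scanning
                if created_at(st) >= cutoff:
                    hits.append((path, st.st_size, created_at(st)))
    return sorted(hits, key=lambda h: h[2], reverse=True)  # newest first

def html_report(hits):
    # File names are untrusted input: escape them before they reach the report.
    rows = "".join(
        "<tr><td>{}</td><td>{}</td><td>{}</td></tr>\n".format(
            html.escape(path), size,
            time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts)))
        for path, size, ts in hits)
    return ("<html><body><table border='1'>\n"
            "<tr><th>Path</th><th>Size</th><th>Created</th></tr>\n"
            + rows + "</table></body></html>")

if __name__ == "__main__":
    # Assumed drive letters and report name; the report lands in the current directory.
    found = find_recent(["C:\\", "D:\\"], ["C:\\Windows"])
    with open("recent-files.html", "w", encoding="utf-8") as fh:
        fh.write(html_report(found))
```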

image

image

I hate being the rat but my job is my job and this tool helped me do it. Upon removing my USB drive there was no trace of the search.

Do you have a tool that you live by? Couldn’t live without? Share it with us in the comments and let us know why it is so important to you!

(By) Karl Gechlik is a superhero of the IT industry. His days are spent monitoring and maintaining systems on Wall Street. He helps people with their technical issues for free over at AskTheAdmin.com.

13 Comments
2009-05-13 12:45:04

Nice. I’ve been using Everything (http://www.voidtools.com/), which is also a portable app, but I am totally going to try this. Great find.

2009-05-13 13:39:09
Phil

Couldn’t you also use just about any Linux LiveCD?

2009-05-13 15:22:22

The machine’s BIOS was locked down and the boot to USB or CD/DVD was disabled… Hence being ordered to go and get my hands dirty.

2009-05-13 15:13:30

I’ve been using Everything for quite a long time. It works great. I will surely try this one out!

2009-05-13 15:15:27
Jrobie

And that is why everybody in the office hates the IT guy. I’ll definitely check out the program though, thanks :)

2009-05-13 15:49:52
Nunya

So the BIOS was locked down, but he didn’t password protect access to the system when he was away?

2009-05-13 15:58:19
Nunya

So BIOS was locked, but he left the system access unlocked while he was away from his desk?

2009-05-13 16:03:16

Local administrator password FTW!

2009-05-15 13:20:54
Nunya

But that would leave a trace, it would show the last user that logged in, unless group policy is overriding that setting…

2009-05-14 09:41:24
richduper

This guy didn’t seem to be going very far to hide his activity, he could easily have used an encrypted volume, which would have rendered your handy-dandy little tool completely useless.

2009-05-14 09:47:23

Well, he could have also used an encrypted VNC session or at least a proxy so HR didn’t see the Pirate Bay traffic coming from his computer. But like I said, he disconnects the network from the machine when it is not in use and he thought he was safe…

2009-05-25 09:27:33
wolfshades

The “leave no trace” option is interesting. Looks like the employer is building a file, in which case you’re going to be asked to perform this function a few more times. I’ve been down this road before myself – it’s not fun but like you say, it’s your job, so you have to do it. Thanks very much for the file tip!

2009-09-24 04:04:58
Roy

I recommend TheSearchMan.

Unlike Everything, TheSearchMan’s database is encrypted and it doesn’t show ALL files at the startup.
The database of Everything is on the most wanted list of hackers as it lists all your files.

TheSearchMan is a mere 30 KB download.
It is portable also. That means NO INSTALLATION.

Unlike Everything or Locate32, which can only search in the index, TheSearchMan can do real searching, i.e., in the drive, with a super fast speed.

It searched my 50GB Seagate drive in a little over 2 seconds.
It has bagged many 5 stars and Top Software awards.

The interface of TheSearchMan is extremely simple.
Just enter the path and search criteria.

TheSearchMan’s database is updated on the fly.

The home page is:
http://venussoftcorporation.blogspot.com/2009/08/thesearchman.html

It’s also been reviewed by ghacks and addictivetips.