| Author | Message | ||
     Patricia Monica Delbono Username: pato Registered: N/A |
Hi: I try to recover files with .exe extention. But when I see the results these have a number not a name. For example 0115.exe. I am looking for a special exe file (for example winhex.exe) how can I do to see the name of the exe file? Patricia Winhex Specilist Licence | ||
| Alfons Kramer Username: admin3 Registered: 4-2004 |
There are two ways of recovery. One depends on remainings of a file system, the other does not (aka carving). In the first case we do have the original file name, while the other one has to generate one. If the .exe file is recovered by carving, one can determine its file name sometimes from the version resource (as is the case with winhex.exe). In other cases it can be determined from the export table. This table can be seen from the preview mode, the version resource from the details mode. For the special case of an previously known file one can also make use of hash sets. With the hash value known, one can identify the particular .exe file. This is possible, for carving can determine the exact byte length of the carved file. |