WinHex Utility

WinHex’s functionality is not limited to viewing these password files—even the Windows swapfile (pagefile.sys) can be combed through with this tool. However, this is possible only from a separate Windows partition or with a DOS copy tool, as Windows’ built-in file protection stops the swapfile from being opened. For instance, if you boot the computer with Vista, you can load the pagefile.sys of an existing XP partition from Vista in WinHex. You will find this file in the root directory of the respective Windows partition. Using search terms like ‘password’, ‘admin’ or ‘user’ in the ‘Search | Search Text’ tool in the WinHex window, you will be amazed at the bevy of confidential information that is stored in the ‘pagefile.sys’ file—apart from Windows passwords, there are also passwords for Web forums or protected PDF documents. If the swapfile isn't routinely cleared, then you are vulnerable.

Protection Measure: Many password protection programs allow you to use customized, unique file extensions. The next time you use these applications to create a password keyfile, use an extension that is not very obvious. Moreover, never save the file to the folder suggested by default, because applications such as ‘RoboForm’ and ‘Password Safe’ are extremely well known to hackers, who will target such default directories as standard procedure.

Here is a registry tweak to protect you from the vulnerabilities of pagefile.sys. Start regedit and navigate to the key
‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management’. Double-click on the ‘ClearPageFileAtShutdown’ entry and assign the value ‘1’ to it. The swapfile is then filled with zeros during every Windows shutdown, and no sensitive data is visible when it is opened with WinHex.
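
The same registry setting can be audited and applied from PowerShell. This is an added example, not code from the original post; the function name `Test-PageFileClearing` and its `-Enforce` switch are hypothetical, and treating a missing value as 0 is this script's own assumption.

```powershell
# Added example (not from the original post): audit ClearPageFileAtShutdown
# and, with -Enforce, set it to 1. Function and switch names are hypothetical.
function Test-PageFileClearing {
    [CmdletBinding()]
    param([switch]$Enforce)

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $name = 'ClearPageFileAtShutdown'

    # Read the current value; a missing value is treated as 0 (assumption).
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) { $current = 0 }

    # Already set, or audit-only mode: report and leave the registry untouched.
    if ($current -eq 1 -or -not $Enforce) {
        return [pscustomobject]@{
            Setting   = $name
            Value     = $current
            Compliant = ($current -eq 1)
            Changed   = $false
        }
    }

    # Writing under HKLM requires an elevated session; fail clearly if not.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run from an elevated prompt to change $name."
    }

    # Set the DWORD to 1, then read it back to confirm the write took effect.
    Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
    $verify = (Get-ItemProperty -Path $key -Name $name).$name

    return [pscustomobject]@{
        Setting   = $name
        Value     = $verify
        Compliant = ($verify -eq 1)
        Changed   = $true
    }
}

# Audit only; call with -Enforce from an elevated prompt to apply the setting.
Test-PageFileClearing
```

The change takes effect at the next shutdown, and zeroing the swapfile makes each shutdown take longer.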

