Utility to view cached thumbs.db files

FUBAR|Ascain
01-09-2004, 06:19 PM
Ok, my turn to ask a question for a change.

As many of you probably know, Windows XP has the ability to generate small jpg based thumbnails of images (and sometimes associated documents) contained within a folder to a structured ADS file called thumbs.db.

For forensic purposes I need a utility that can read this information independently from the file system. (Read, even if the original image file has been deleted, I still need to view the thumbnail information stored in the stream file).

Does anyone know of a utility that will allow me to view or extract the jpg headers from the thumbs.db file for independent viewing? I know such a beast exists, but I cannot remember the name or developer, and a Google search comes up dry due to the garbage topics associated with the filename.

Any assistance you guys could provide would be immensely appreciated.

AngelOfdetH
01-10-2004, 10:52 AM
I haven't tried it yet, but WS FTP Pro v8 states they support thumbnail.db view.

From their page:

New Features in Version 8.0
===========================

Thumbnail Support
=================
WS_FTP Pro v8.0 includes support for viewing and generating
thumbnails for image files on local and remote views. When
changed to thumbnail view, WS_FTP Pro will attempt to read
thumbnails from a Microsoft Thumbs.db file, an Ipswitch
IpsThumb.db file, an NTFS stream (if the server is running
with an NTFS file system), retrieve a thumbnail image by
downloading a portion of the remote file, or by downloading
the complete image file and generating a thumbnail image.




And if that doesn't work, try this one
http://www.polybytes.com/pinotes.htm

FUBAR|Ascain
01-10-2004, 01:27 PM
Thanks for the input.

WS_FTP will read the thumbs.db file and generate its own proprietary format for files that exist in the directory, but it won't show the thumbs for deleted files. (If I hexedit the thumbs.db file to get filenames, I can stage empty files and have the thumbnail cache read and display the deleted files though). It's a step in the right direction, but I can fake out the filesystem with a similar trick already.

PolyImage Pro appears to have the same limitations from what I've read, but I'll download and compile the support library they have available to see if I can finagle it into doing what I need.

Anyone else have suggestions?
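
Added example, not part of the thread and not code from any poster or tool named in it: one way to read thumbnails straight from the bytes of a thumbs.db, whether or not the source images still exist, is to carve JPEG data by walking its markers. It assumes each thumbnail's JPEG bytes are stored contiguously (a fragmented one is skipped); the function names and the sample blob are constructed for illustration.

```python
SOI = b"\xff\xd8\xff"  # start-of-image plus the 0xFF of the next marker

def jpeg_end(buf, start):
    """Walk JPEG markers from `start`; return the offset just past EOI, or None."""
    pos, n = start + 2, len(buf)
    while pos + 2 <= n:
        if buf[pos] != 0xFF:
            return None                      # not on a marker: corrupt or fragmented
        marker = buf[pos + 1]
        if marker == 0xD9:                   # EOI: end of this image
            return pos + 2
        if marker in (0xFF, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 1 if marker == 0xFF else 2    # fill byte / marker without length
            continue
        seglen = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if pos + 4 > n or seglen < 2:
            return None
        pos += 2 + seglen                    # skip the segment, payload included
        while marker == 0xDA:                # after SOS: scan entropy-coded data
            pos = buf.find(b"\xff", pos)
            if pos < 0 or pos + 1 >= n:
                return None
            nxt = buf[pos + 1]
            if nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                break                        # real marker: resume the segment walk
            pos += 1 if nxt == 0xFF else 2   # fill byte, stuffed 0xFF or restart marker
    return None

def carve_thumbnails(blob):
    """Return [(offset, jpeg_bytes), ...] for each well-formed JPEG found in `blob`."""
    found, pos = [], 0
    while (pos := blob.find(SOI, pos)) != -1:
        end = jpeg_end(blob, pos)
        if end is not None:
            found.append((pos, blob[pos:end]))
        pos = end if end is not None else pos + 1
    return found

def fake_jpeg(tag):
    """Constructed marker sequence (not a decodable image); `tag` is 2 bytes."""
    app1 = b"\xff\xe1\x00\x06\xff\xd9" + tag      # FF D9 hidden inside a segment payload
    scan = b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"

# Constructed stand-in for a thumbs.db: filler, two thumbnails, one truncated JPEG.
SAMPLE = (b"\x00" * 524 + fake_jpeg(b"AA") + b"\x00" * 40 + fake_jpeg(b"BB")
          + b"\xff\xd8\xff\xe0\x00\x10JF")
```

On a real file, pass `open(path, "rb").read()` (from a working copy of the evidence) to `carve_thumbnails` and write each returned byte string to its own `.jpg`. Walking the segments instead of searching for the first `FF D9` keeps an end-of-image byte pair inside a metadata segment from truncating the carve.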

Krobar
01-10-2004, 02:11 PM
My only suggestion is to be sure to post here what you find that ends up being able to do this, and if it's something you make, to release it :browsmile



(sorry I can't be more helpful on this one :( )