How to identify any Suspicious changes to files or directory (Disk Drive Signature)

By OSForensics

Creating a signature generates a snapshot of the directory structure of the drive at the point of creation. This information includes data about a file’s directory path, file size and file attributes.

 How to Create Signature

 First of all download the OSForensics from here.

Select Create Signature Option. Click on Config .

Now browse the desired Directory from Directory list management, in my case I am selecting h: Drive which specifies Pen drive. Click on Add to list Option to include the directory. Click OK.

Now in start folder option, it will show us the selected Drive i.e. H: Drive. Click on the Start Option.

It will ask for the File Name, enter the File Name & click on Save. So signature for data drive will be created.

Now does some modification in data drive and repeat the same steps to create another signature after modifications in data drive.

Now click on Compare Signature Option.

Browse both files in Old Signature as well as in New Signature Option.

Click on Compare option .It will start the process. Now it will show us the files with their modification status as well as their creation and modification date. We can select show option to see only modified or deleted files.

By Clicking on the modified file, it will show the file differences by showing old as well as new signature path, its creation and modification date.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging .He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *