Guest Ward Posted July 31, 2007 Posted July 31, 2007 I need some help here for a fire investigator friend of mine: The short story: A fire was started in the home and the power was killed to the home. Computer was running at the time of the fire and shut down when the power was killed. Question: Is there any way to see what was going on on the computer before the fire killed the power to the home. Some kind of log information that might be able to provide some kind of time line? Thanks for any suggestions and help.
Guest Elmo Posted July 31, 2007 Posted July 31, 2007 Re: Fire Investigation Question help needed please. Ward wrote: > I need some help here for a fire investigator friend of mine: > > The short story: A fire was started in the home and the power was > killed to the home. Computer was running at the time of the fire and > shut down when the power was killed. > > Question: Is there any way to see what was going on on the computer > before the fire killed the power to the home. Some kind of log > information that might be able to provide some kind of time line? > > Thanks for any suggestions and help. Dunno.. But here's a thought: Do a search for files modified in the last month. Then click the Date header to arrange by date. Check the times, and type of files modified in the time you're interested in studying. Temp Internet Files would suggest browsing, etc.. -- Joe =o)
Guest GHalleck Posted July 31, 2007 Posted July 31, 2007 Re: Fire Investigation Question help needed please. Ward wrote: > I need some help here for a fire investigator friend of mine: > > The short story: A fire was started in the home and the power was > killed to the home. Computer was running at the time of the fire and > shut down when the power was killed. > > Question: Is there any way to see what was going on on the computer > before the fire killed the power to the home. Some kind of log > information that might be able to provide some kind of time line? > > Thanks for any suggestions and help. > What in particular are you looking for? More often than not, when the computer is powered back on, it will initiate some degree of self-repair. It is not going to be any different from an inadvertant power failure at any inordinary period in time. More often than not, Windows is capable of some self-repair. Event viewer might be able to provide some clues.
Guest dobey Posted July 31, 2007 Posted July 31, 2007 Re: Fire Investigation Question help needed please. "Ward" <wardhawg@yahoo.com> wrote in message news:1185850734.237976.167550@z24g2000prh.googlegroups.com... >I need some help here for a fire investigator friend of mine: > > The short story: A fire was started in the home and the power was > killed to the home. Computer was running at the time of the fire and > shut down when the power was killed. > > Question: Is there any way to see what was going on on the computer > before the fire killed the power to the home. Some kind of log > information that might be able to provide some kind of time line? > > Thanks for any suggestions and help. > It depends what your looking for. Event viewer will only tell you when services stop and start. Event log service starting/stopping is usually coincides with XP starting/stopping normally, (no event log would be written in case of a sudden shutdown). If you want information on what files were being accessed at the time, then unless your friend has some kind of monitoring software, no log is kept AFAIK. If you put the system disk in another machine, you might be able to determine when the machine was killed by the time the page file was last modified. It seems reasonable to assume this file is open most of the time. This wouldn't work by booting the machine, as the page file would be opened again and thus have a new date. It does occur to me however you could use the Date Accessed column in Windows Explorer. The only problem with this is that if you have a virus scanner chances are it will access that file during a scan, and the last accessed time and date will be that of the last virus scan. If the machine is running what about the most recent documents list.
Recommended Posts