Tuesday, June 10, 2008

Windows Defrag Shows It All !!

I am sure you must have seen this 'ACCESS DENIED' screen if you try and enter the protected 'System Volume Information' folder on your Hard Drive.












Any idea what is there inside the 'System Volume Information' folder there? Well, windows indeed stores a lot of information that is required to be protected there and all the windows restore points are also present in this folder.

Now, security doesn't seem to have covered at all the places in windows. What happens is the path inside System Volume Information is protected by a folder structure which is not easy to guess.

The flaw lies in Windows Defragmentation.



















Windows Defragmentation does not hide the fragmented files present in System Volume Information folder. If the folder structure is revealed here, you get access to lot more sensitive information. This includes windows registry, SAM files, etc.

































So, if I save this report and view the actual path inside the System Volume Information,





I use this path to get inside System Volume Information folder using explorer and I now have the access to "protected" files like SAM file and lots of other information.