Recent file seeker

Recent File Seeker is an free and portable file research tool.

It accepts many search filters, and writes the results to a log file.

Download Recent file seeker

Current version: 2.0.0.0

 

 

 

Screenshot:

When you launch Recent file seeker (aka RFS), it displays its interface and stays idle, waiting for you to setup your scan options and press the Start scan button.

RFS if provided to you free of charge. If you like this tool, maybe you can help us to make better!

↑ Back to index

 

Choosing the search pattern:

RFS supports a very dinamic search pattern. You can set up sevaral keywords, and use wildcards, like * (asterisk) or ? (question mark).

Separate several keywords with a | (vertical bar). RFS will try to match the keywords with the file name, including the file extension.

If a match is found, the selected information about the file will be written to the log.

When using wild cards, the * will match any character zero or more times. The ? will match any character zero or once. Use the one you think is more adequate to your research.

Even though RFS was created to search for malware, you can use it to search whatever you want. For instance, the pattern below would search for PNG and JPG pictures whose file names start with PIC.

PIC*.png|PIC*.jpg|PIC*.jpeg

The pattern below would search for PNG and JPG pictures whose names start with PIC and have four more characters, like PIC1234.jpg.

PIC????.jpg|PIC????.jpeg|PIC????.png

The search pattern is case insensitive and can be used either for the file name, for the file extension, or both.

If you want to disable the file name filter, just clear the pattern. In that case, all file names will match.

↑ Back to index

 

Selecting the search options:

You can filter your research by file age, too. Just set the desired max file age in the Max age (days) input box, or use the associadted updown control to increase/decrease the displayed number. The max file age filter is defined in days. For instance if you set it to 20, only files created, modified or accessed, depending on the selected timestamp base will be matched. To disable this filter, set the max file age to 0.

If you want to iignore Microsoft files, uncheck Include Microsoft files. This feature is provided to help detecting malware.

If you uncheck Recurse subfolders, RFS will only scan files located inside the selected root folder, and will not recurse subfolders.

If Scan recent folders is checked, RFS will also report folders created within the max file age limit. Note: If the Max age filter is disabled (set to 0), this feature will be automatically disabled too.

The other options define the information fields that will be writen in the log. Each time RFS finds a file that matches the selected filter, it will write a new line in the log containing the requested information. The line will have the following format:

Mode | Last write time | Path | File attributes | File description | File size | MD5 hash | Publisher name

Below is an example of a possible line. It appears wrapped into 2 lines here because it doesn't fit in the page's width, but it is only one line.

<RecentFiles> | Last modified:2014-01-28 | A | C:\Program Files\Java\jre7\bin\awt.dll | Java(TM) Platform SE binary | 1,43 MB | FF94DDBC8881B8918A5E40A643D2C78F | Signed : Oracle Corporation

As you can see, the information is written in several fields separated by " | ", just like in the UVK log.

Not all the fields above may be present. That will depend on the selected options you select before starting the scan.

Mode : (<RecentFiles>) This keyword is always present. It is used by UVK as reference, in case you wish to delete the corresponding file using UVK.

Last write time : This field is always present. It may also be the creation time, or the last access time, depending on which option is selected in the Timestamp base combo box.

Path : The matched file object's full path. This field is always present.

File attributes : The matched file object's attributes. It's a string in the format "RASHNDOCT". Each letter of the string will be present if the corresponding attributes are set:
"R" = READONLY
"A" = ARCHIVE
 "S" = SYSTEM
"H" = HIDDEN
"N" = NORMAL
"D" = DIRECTORY
"O" = OFFLINE
"C" = COMPRESSED (NTFS compression, not ZIP compression)
"T" = TEMPORARY.

This field will be present if Include file attributes is checked.

File description : The matched file's description. This field will be present if Include file description is checked.

File size : The matched file's size. This field will be present if Include file size is checked.

MD5 hash : The matched file's MD5 hash. This field will be present if Include file MD5 hash is checked.

Please note that the file hash generation requires reading the entire file, which can take long for big files with one or more GB.

Publisher name : The matched file's publisher name. This field will be present if Include company name is checked.

If Verify file signature is checked, the publisher will be verified, allowing you to check the authenticity of the file.

 

Note: If you select Scan recent folders, The folder list will be written in a separate section below the matched files. The folder's path and timestamp will be the only info written in the log. Also, once a parent folder is matched, all subfolders will be ignored.

↑ Back to index

 

Setting the search path root:

Enter the path of the scan's root in this text box. This may be a drive letter in the C: form, or the full path of a folder.

Use the Browse button to quickly select the root folder or drive using the Windows shell.

↑ Back to index

 

Setting the log's path:

This input specifies the full path and name of the log. Press the Browse button to select a different path and name.

↑ Back to index

 

Setting the timestamp base:

The timestamp base defines the base of the Max file age filter.

For instance, if you select Creation date, and Max file age is 30, only files created within the last 30 days will match.

If you select Last modified, and Max file age is 30, only files modifiled within the last 30 days will match.

If you select Last access, and Max file age is 30, only files accessed within the last 30 days will match.

You should select the one that corresponds to the desired filter.

Note: If Max file age is 0, this filter is disabled.

↑ Back to index

 

Starting the scan:

After setting up the desired filters, press Start scan. RFS uses a very fast algorithm.

Depending on the selected filters and the number of files/folders to analyze, the scan can take from a few seconds up to several minutes.

RFS will display the path of the folder it is currently parsing in a text line at the bottom of the window.

When the scan is complete, RFS will try to detect the presence of a UVK's installation in the local computer. If it finds ti, the log is opened with the Log analyzer. Otherwise it is opened with the Windows Notepad.

↑ Back to index

 

Analyzing the log:

If you used RFS to serch for malware, the created log can be easily analyzed using our dedicated Log analyzer. It is provided with any of the UVK packages.

Otherwise you can manually analyze the log with any text editor.

↑ Back to index

 

What's new in this version:

  • General debugging.
  • New graphical interface.
  • Updated compatibility with the latest UVK version.
  • Other improvements

↑ Back to index

Copyright Carifred © 2010 - 2016, all rights reserved.