6

I want to find out who created a certain file but all I can see under Security tab is Administrators group being pointed out as owner. This is not very helpful. How can I see who really created the file?

BTW. Came across those 2 links:
http://help.lockergnome.com/windows2/Find-created--ftopict442233.html
http://www.eggheadcafe.com/software/aspnet/31793852/find-what-user-created-a-folder-or-file.aspx
but it's hard for me to believe that Windows does not care about who really created a file or folder.

thoughtcriminal
  • 345
  • 2
  • 4
  • 8

2 Answers2

3

Typically the 'owner' is the creator, but since the user is part of the administrators group all admins are given owner rights to it (this way when an admin leaves an organization there aren't files orphaned on a file-system that no one but root can delete etc). This isn't so much a problem with windows itself, so much as NTFS - and additional creator field would be nice. If you need to do a more forensic analysis, proprietary data formats (office: .doc(x), .xls(x) etc) typically have some metadata in them about who created them. To this end its worth noting that the office 2007+ formats are simply zipped xml files and directories (change the file extension to .zip or ...openwith your gunzip program of choice)

JERiv
  • 176
  • 5
0

Windows is not different from other operating systems in that, in Linux all files belong to an user but you can change it if you have enough privileges, so you can create a file and assign it to another user.

Also, note that in some situations knowing the actual creator would be impossible: for example, if you copy a file in a public shared folder, who'll be the owner of the file? You created the file but is probable that your user doesn't exists in the computer that stores the file, so it can't assign the file to you.

Ummm, is that file in a shared folder? Maybe that is why the file is assigned to a group instead of a specify user.

Alberto Martinez
  • 453
  • 2
  • 7