01. Oct 2014, 02:24 AM   #2
Remah

Zero byte files are not necessarily empty even if Windows Explorer thinks they are.

One of the main reasons is that they may require a specific driver or application to view them correctly:
  • they are probably encrypted or hashed in some way, i.e. what you see requires a key to convert it to the correct file name
  • they can be metadata, in other words, descriptions stored in the file names which can be used for other purposes. In this case this appears unlikely but it remains a possibility.

I don't recognize the filenames. You might be able to work out the software that did this by:
  • remembering what happened at that date and time.
  • searching for other files modified or created on that same date.
  • checking the installed programs list to see if there is a program which could have done this. You can also check the installed date to see if it matches or is near.
  • checking the Windows logs, if they go back to that date and time, to see what was happening then.
  • finding out if there was a program that has since been uninstalled, by running a registry cleaner check that will list all the possible changes without actually cleaning the registry. This should show you any left-over entries from programs (including drivers) that have been uninstalled.
__________________
Better to light a candle ... than to curse the darkness.
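The date-based checks suggested in the post above (other files from the same time, installed programs, Windows logs), as an added PowerShell example that is not part of the original post. The folder, timestamp and window size are assumed values to replace with those of the zero-byte files being investigated.

```powershell
# Added example: correlate activity around the time the zero-byte files appeared.
# $Root, $Pivot and $WindowHours are assumptions; set them for the machine in question.
param(
    [string]  $Root        = 'C:\Users',           # assumed folder holding the odd files
    [datetime]$Pivot       = '2014-09-30 14:00',   # constructed timestamp of the zero-byte files
    [int]     $WindowHours = 2
)
$from = $Pivot.AddHours(-$WindowHours)
$to   = $Pivot.AddHours($WindowHours)

# 1. Other files created or modified in the same window (zero-byte ones flagged).
Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
                   ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to) } |
    Sort-Object CreationTime |
    Select-Object CreationTime, LastWriteTime, Length,
                  @{ n = 'ZeroByte'; e = { $_.Length -eq 0 } }, FullName |
    Format-Table -AutoSize

# 2. Installed programs whose recorded install date is within a day of the pivot.
#    Not every installer writes InstallDate, so a missing match proves nothing.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' } |
    ForEach-Object {
        $installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        if ([math]::Abs(($installed - $Pivot.Date).TotalDays) -le 1) {
            [pscustomobject]@{ Installed = $installed; Name = $_.DisplayName; Publisher = $_.Publisher }
        }
    } | Sort-Object Installed | Format-Table -AutoSize

# 3. Event log entries in the same window, if the logs go back that far.
Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Application'
                                 StartTime = $from; EndTime = $to } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName |
    Format-Table -AutoSize
```

The script only reads file metadata, registry uninstall entries and event logs; the registry-cleaner check for already uninstalled programs is not covered here.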