Jump to content

How to identify the dates of use?


mhan

Recommended Posts

How to know when (that is, the date(s) or the last date) ccleaner was run on my Windows 7 computer?

 

Is it possible to identify this information using forensic exams as well?

 

The Windows log files are not available.

Link to comment
Share on other sites

  • Moderators

A1 It's not possible within the software

 

A2 because of A1 no unless modified by A3

 

A3 No windows logs would be created by default, though one could set up a custom log which monitors the running of ccleaner's exe

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

Support at https://support.ccleaner.com/s/?language=en_US

Pro users file a PRIORITY SUPPORT via email support@ccleaner.com

Link to comment
Share on other sites

Thank you. Therefore, unless there is custom log that monitors the running of ccleaner's exe was already setup on my computer, it is NOT possible to know when ccleaner was run.  Is it correct?

 

I am bit novice to this field and I am Sorry, if my question is redundant.

Link to comment
Share on other sites

  • Moderators

As far as I am aware that is correct, however it is just an educated opinion

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

Support at https://support.ccleaner.com/s/?language=en_US

Pro users file a PRIORITY SUPPORT via email support@ccleaner.com

Link to comment
Share on other sites

  • Moderators

There are plenty of registry entries, even with the portable version, although I don't know if any hold the last run date. If you change any settings the ccleaner.ini file will be datestamped, if you use it. Then there's the prefetch folder, along with stuff I can't think of at the moment.

 

I'm sure someone with enough skill and time could find out if they wanted to. But running CC is not a crime, yet.

Link to comment
Share on other sites

I use the portable version of CC

 

I have launched and then closed CC and CCleaner.ini was updated with a modified time-stamp of

10:22:01

Then I launched again and the time stamp only changed when I closed CC,and became

10:23:10

 

This shows when CC was last closed, even if it only Analyzed and did not clean.

Link to comment
Share on other sites

Thanks for the information. In case it is possible to identify the last date of use then

Another question is: is it possible to identify what actions/operations CC has done during the last cleaning? For example: whetehr it wiped a specific file (or folder) OR  wiped the free space OR  free space PLUS slack space OR wiped the browser history alone OR something else...

Link to comment
Share on other sites

  • Moderators

Not really. You could look at the settings either in the registry or in ccleaner.ini; secure overwrite and wipe free space leaves the overwrite files on the disk, and files with names of ZZZZ.ZZZ.ZZZ are a bit of a giveaway. But nothing specific. Why do you ask, are you posting from the local lockup?

Link to comment
Share on other sites

Thank you. Before providing additional info, I am not clear where to find ccleaner.ini that you mentioned. Could you help me identify its location?

 

I received a legal notice. Once I received that notice, I am supposed to keep the information/evidence as it is (and at the same time I am permitted to use my computer for “routine operation”). In addition, I “should not allow the routine operation to thwart investigation obligations by allowing that operation (CCleaner operation) to destroy information that I am required to preserve or produce.”

 

I wish to argue as follows:  although all the boxes in “registry cleaner” option of CC are checked, I deleted/erased only specific files and that deletion operation was necessary to do my routine work.  However, if the investigation reveals that I cleaned slack space, entire free space, etc. also , I wish to defend that those operations might have been performed but NOT after I received the legal notice date. Thereofre, it is very important for me on the possibility to identify the date on which specific operations (cleaning slack space, for example) were performed on my computer.

Link to comment
Share on other sites

Surely it is NOT your responsibility to perform forensic examination to prove yourself innocent.

 

It is entirely the responsibility of the investigators to prove both the date of notice delivery and the date at which you destroyed information.

 

I am suggesting that this topic be locked to prevent any further implication of any forum members in legal entaglements

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.