Question : WUTemp Folder

I am doing a forensic analysis on a computer and noticed a host of documents stored in this folder. It is my understanding that this is the folder where Windows Updates are downloaded but later deleted when the machine is rebooted. With all the user documents found in this folder, over two years old (and the machine is in use) I am thinking that the end user put them there on purpose to "hide" them. I guess my question is, why were they not deleted when the user re-booted the machine?

Answer : WUTemp Folder

XP will be expecting to clear certain files from the folder, it does not PURGE the entire folder each time, if there is a crash or issue with AU, then it may not get the command to clear, and if normal documents are in there, its just possible, that the user picked that folder by accident from applications (which always remember their last save folder), and continued to save files there, rather than in My Docs.

you would know by the type of files being 'hidden' in there, and by checking registry entries for Office apps, and browsers, what the save folder destinations are set to, if they all point to the same folder, then you will know its likely an accident.

Random Solutions

Why does a Letter size print area on a worksheet refuse to print on one page or either scales it down

Calculate value on subform using field on main form

Inner join on 2 fields with different data types.

Total text box value in ms access form

Help summing multiple criteria in query

Master Powerpoint template with non-editable text boxes and non-resizeable placeholders

Access VBA Import Text File to access

String.format take down all zero's

VB.NET: check last characters of a substring

Can't open design view for query - get " is not a valid name error