Recently i downloaded one software that is "protecting" the folders by hiding them.
The software is https://fspro.net/my-lockbox/
I opened the cmd as administrator and i thought that i will recover it by attributes but, nothing, it raised an error File not found - personal
Then i noticed something when i just typed cd personal
- Access is denied.
My first thought it was that has to do about privileges takeown /F "D:\person" /A /R /D Y
but again the same error Access is denied.
.
Ok, i continue and i closed every process that had to do with that program.
I followed the same but nothing! With these command icacls "D:\person" /setowner "Administrators" /T /C
i got
D:\person: Access is denied. D:\person\*: Access is denied.
Successfully processed 0 files; Failed processing 2 files.
OK maybe it is something more than this!
Before i "hide" the folder i was inside the folder and when i hided it i checked the Properties and i saw You must have Read permissions to view the properties of this object
I checked the advanced option - Change the Owner and i didn't have the option to change it but only You must have Read permissions to view the properties of this object
With PowerShell and with PowerForensics
library .... I found the file!! Also, with a third party (WinUtilities Undelete
and https://www.x-ways.net/winhex/)!
I noticed that the name of the file had not changed,(didn't use clsid) it was there! Just hidden, without attributes without encryption!
My question is what is going on there?
What am i missing about privileges - permissions?
what makes it inaccessible and hidden?
Please, the point of this question is not to critique but about knowledge! Thanks!