A paging file is a file designed to store virtual memory pages. When memory needs to be allocated and there is insufficient physical memory, the system uses the paging (swap) file: instead of accessing RAM, it accesses a file on the hard disk. This is much slower, but it lets you allocate as much memory as your application needs.
There are keys in the Windows registry that are responsible for setting up swap files. They are located in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry branch. The number of paging files on the system and their sizes are specified in the PagingFiles key, of type REG_MULTI_SZ. This is a set of lines, each of which looks something like this:
c:\pagefile.sys 512 3072
The beginning of the line specifies the path to the paging file and its name. The default swap file name is pagefile.sys, and the default location is in the root of the drive. The name and path of the paging file can be changed as desired. If you specify an invalid name which the system cannot create, the swap file will appear in its default location.
The next two numbers in the line are the minimum and maximum paging file size (in megabytes). If you set them to the same value, the paging file will always be the same size and less fragmented, which should have a positive effect on computer performance. By changing these numerical values in PagingFiles you can increase or decrease the paging file size.
A system may have multiple paging files on different disks, so the PagingFiles key should describe them all on separate lines. If you change the key, you must reboot the computer for the changes to take effect. To disable the paging file, simply remove all lines from the registry key.
The ClearPageFileAtShutdown registry key of REG_DWORD type is responsible for clearing the swap file at system shutdown. This is needed to protect the swap file from being analyzed for sensitive data, passwords, etc. If this registry key is set to 1, the swap file is wiped when the computer is shut down.
Hiding data
The pagefile.sys file is not accessible on the system while it is running. It cannot be opened, renamed, or deleted in the standard way. This can be used for a trick that hides sensitive data until it is needed, for example if you want to hide the fact that a cryptocontainer is present on your computer. To perform the trick, do the following:
1. Create an empty file with any name somewhere in the NTFS file system, for example C:\file.dat.
2. Attach the cryptocontainer you want to hide to the file as an NTFS file stream. You can do this using NTFS Stream Explorer. Mask the name of the file stream as one of the standard NTFS attribute names; for example, you can name the stream $DATA.
3. Write the file name C:\file.dat into the PagingFiles registry key, so that the system creates a swap file in this file.
4. Restart the computer.
After the restart, access to C:\file.dat will be blocked by the system because it uses the file as a swap file. Meanwhile, the cryptocontainer file stream will remain untouched and still attached to the file. It will not be possible to retrieve a list of file streams from file.dat while the system is running, so special utilities that search for file streams won't find it. Programs that use direct disk access or run with the system offline (for example, LiveCD tools) will be able to find the file stream, but its name will be masked with the system name $DATA. While the system is running, no one will be able to read the contents of the file stream, as the main carrier file is locked.
To extract the cryptocontainer again, remove the C:\file.dat entry from the PagingFiles registry key and restart the computer. The file will become a normal file again, and the cryptocontainer can be extracted from it using NTFS Stream Explorer.
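As an added example (not from the original article), the following Python script audits an exported .reg file of the Memory Management key offline: it decodes the hex(7) PagingFiles value described above, flags any entry whose file name is not pagefile.sys (the pattern the hiding trick relies on), flags unequal minimum/maximum sizes, and reports when ClearPageFileAtShutdown is not 1. SAMPLE_REG is a constructed export; the path c:\file.dat in it is a placeholder, not data from a real system.

```python
import re

# Constructed sample (not from the original page): a .reg export of the
# Memory Management key with two paging files. The second entry uses a
# non-default file name, the pattern the text above describes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"PagingFiles"=hex(7):63,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,6c,00,\
  65,00,2e,00,73,00,79,00,73,00,20,00,35,00,31,00,32,00,20,00,33,00,30,00,37,00,\
  32,00,00,00,63,00,3a,00,5c,00,66,00,69,00,6c,00,65,00,2e,00,64,00,61,00,74,00,\
  20,00,31,00,36,00,20,00,31,00,36,00,00,00,00,00
'''

def reg_values(text):
    """Return {name: raw_value} for a .reg export, joining '\\'-continued lines."""
    joined = re.sub(r"\\\r?\n\s*", "", text)      # hex(7) data wraps across lines
    return dict(re.findall(r'^"([^"]+)"=(.+)$', joined, re.M))

def decode_multi_sz(raw):
    """Decode a REG_MULTI_SZ exported as hex(7): UTF-16LE, NUL-separated strings."""
    data = bytes.fromhex(raw[len("hex(7):"):].replace(",", "").replace(" ", ""))
    return [s for s in data.decode("utf-16-le").split("\0") if s]

def parse_paging_entry(line):
    """Split 'path min max' into (path, min_mb, max_mb); sizes may be absent."""
    parts = line.rsplit(" ", 2)
    if len(parts) == 3 and parts[1].isdigit() and parts[2].isdigit():
        return parts[0], int(parts[1]), int(parts[2])
    return line, None, None

def audit_paging_files(reg_text):
    """Flag paging-file settings worth a second look, from an offline .reg export."""
    values = reg_values(reg_text)
    findings = []
    for entry in decode_multi_sz(values.get("PagingFiles", "hex(7):00,00")):
        path, lo, hi = parse_paging_entry(entry)
        name = path.rsplit("\\", 1)[-1].lower()
        if name != "pagefile.sys":
            findings.append(f"{path}: non-default paging file name; check for ADS with the disk offline")
        if lo is not None and lo != hi:
            findings.append(f"{path}: min {lo} MB != max {hi} MB, file can grow and fragment")
    clear = values.get("ClearPageFileAtShutdown", "dword:00000000")
    if int(clear.split(":")[1], 16) != 1:
        findings.append("ClearPageFileAtShutdown is not 1; paging file contents survive shutdown")
    return findings
```

Call audit_paging_files(SAMPLE_REG) to see the three findings for the constructed export; point it at an export taken from a real system to review that system's settings.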