Recuva finding the undeletable "bootex.log" - What is it, and its purpose?

[Greger]

I cannot for the life of me understand what this file is all about, or why it keeps showing up whenever I run Recuva on my external hard drive - and why it won't let itself be deleted.

 

I've done several "wipe free space"-runs on the drive - yet it's still there. And the file says it's from early 2011, even though I've wiped the free space on my external hard drive many times both before and after 2011. The file's only 9kb in size.

 

What's it all about? And why won't it disappear?

[Nergal]

does this help ?

http://answers.yahoo.com/question/index?qid=20080814205506AAEg5mR

Bootex.log is a file created by chkdsk.exe when it is run; its results are rolled into the main log after the system finished booting. If chkdsk.exe is interrupted, bootex.log can become corrupted.

Edited December 22, 2012 by Nergal
quoted too much

[Greger]

does this help ?

http://answers.yahoo...14205506AAEg5mR

 

Not really. But thanks anyway.

 

But I'm wondering: When securely deleting a file, or wiping free space (using CCleaner) - as I've done several times on my external hard drive without the bootex.log file disappearing - does it pose a "threat", as in that it still holds information of files that I have just, or on former occasions, securely deleted? Or what's the file for?

[Augeas]

The entry for bootex.log is held in the reserved part of the MFT In my setup the reserved part of the MFT holds 26 records, and bootex.log is record 17 (I would expect that other NFTS systems are the same, or remarkably similar). So whatever you do you won't be able to delete this entry from the MFT, and Recuva will always show it.

 

When you're overwriting free space the file's data clusters will be overwritten, so only the MFT entry remains, and no secrets are exposed. I think that Nergal explained what it's for.

 

The dates on my bootex are 03/02/2011. I wonder what happened then?

[Greger]

Alrighty then. Thanks!

[Greger]

I just securely deleted a couple of files on my external drive again, and upon doing another standard search with Recuva, it now found another few files:

 

RestorePointSize - two of them, each 8kb

A00######.ini - three of them

change.log

 

Are these nothing to be bothered with either, and why did they suddenly appear now?

[Augeas]

Restore point and Change log are sys restore files, nothing to worry about. I don't know what the A00 file is, but I wouldn't worry about that either.

[Alan_B]

A00######.ini - three of them

change.log

Under XP absolutely every deleted file that was preserved in a Restore Point was given a new name starting with letter 'A' then an incrementing number such as 000001234,

but it retained the original extension,

and Change.Log was updated with an entry that indexed A000001234 with the original name before deletion.

 

Never had Vista

 

Never used System Restore on Win 7 because it never helped and mostly damaged my XP experience.

[Greger]

I use XP, but I'm not sure if that matters since I found these files on my external hard drive. But I reckon the A00#####.ini files are nothing to care about either, then?

 

Thanks again btw!

[Greger]

Now there are more "A00#####" files, with various file extensions. A huge bunch of A00#####.mst, a few A00#####.msi and some A00#####.exe. I don't know if it's Recuva messing up, but according to Recuva the .mst files are from/were most recently changed 2007, two years before I got my external hard drive. I guess it could've been manufactured around that time or before, but without really understanding Alan_B's answer above - why do these files, as well as the others mentioned before, pop up now all of a sudden? After securely deleting files, that is. And are they anything to be bothered with?

 

On a side note, and now I'm going completely off topic, but when I checked the properties on my personal file folder on my external drive today, it contained 4,81 GB of data. However, checking the properties on the whole drive (E:), it says there's 5,97 GB of data on it. What could that extra amount of 1+ GB be? I made sure hidden files and hidden system files could be seen, then highlighted all the local "system" folders/files, and it only went up to about 1 MB of data.

 

It's an NTFS drive btw.