Content deleted Content added
Padmakalki (talk | contribs) |
→External links: typo? |
||
| (35 intermediate revisions by 19 users not shown) | |||
Line 1:
{{Short description|Aspect of the Windows operating system}}
On [[Microsoft Windows]] [[operating system]]s, starting with the
==Purpose==
Windows stores thumbnails of graphics files, and certain document and movie files, in the Thumbnail Cache file, including the following formats: [[JPEG]], [[BMP file format|BMP]], [[Graphics Interchange Format|GIF]], [[Portable Network Graphics|PNG]], [[Tagged Image File Format|TIFF]], [[Audio Video Interleave|AVI]], [[Portable Document Format|PDF]], [[Microsoft PowerPoint|PPTX]], [[Microsoft Word|DOCX]], [[HTML]], and many others. Its purpose is to prevent intensive disk [[I/O]], CPU processing, and load times when a folder that contains a large number of files is set to display each file as a thumbnail. This effect is more clearly seen when accessing a DVD containing thousands of photos without the thumbs.db file and setting the view to show thumbnails next to the filenames. Thumbnail caching was introduced in Windows 2000;<ref name=AccessData/> wherein the thumbnails were stored in the image file's [[alternate data stream]] if the operating system was installed on a drive with the [[NTFS]] file system. A separate Thumbs.db file was created if Windows 2000 was installed on a FAT32 volume. [[Windows Me]] also created Thumbs.db files.<ref name=AccessData/> From Windows XP, thumbnail caching, and thus creation of Thumbs.db, can optionally be turned off. In Windows XP only, from Windows Explorer Tools Menu, ''Folder Options'', by checking "Do not cache thumbnails" on the ''View'' tab. In other versions of Windows, thumbnail caching can be turned off via [[Group Policy]]. Under Windows 2000, Windows Me, and Windows XP, a context menu command to force refreshing the thumbnail is available by right clicking the image in ''Thumbnail'' view of Windows Explorer.
==Thumbs.db==
'''Thumbs.db''' files are stored in each directory that contains thumbnails on Windows systems. The file is created locally among the images, however, preventing system wide use of the data and creating additional data load on removable devices.<ref>[http://msdn.microsoft.com/en-us/library/bb774628(VS.85).aspx IThumbnailCache Interface], MSDN, Microsoft Corporation</ref> [[Windows XP editions#Media Center Edition|Windows XP Media Center Edition]] also creates <code>ehthumbs.db</code> which holds previews of video files. Each thumbnail created in a directory is represented in this database file as a small JPEG file, regardless of the file's original format. The images are resized to 96×96 pixels by default or a proportional miniature of their original shape for non-square images, with 96 pixels on the longer side. The size can be controlled by a setting on Windows Registry. Each folder with initiated thumbnail views (that is where they have displayed a Thumbnails or Filmstrip view in Windows Explorer) will have a Thumbs.db file. Folders with pictures also display previews on their icon when displayed in Thumbnail mode – the first four images in the folder at 40×40 pixels (or proportionally shaped), with a 1-pixel divider overlaid on a standard large folder icon. The Thumbs.db file is stored in [[
▲'''Thumbs.db''' files are stored in each directory that contains thumbnails on Windows systems. The file is created locally among the images, however, preventing system wide use of the data and creating additional data load on removable devices.<ref>[http://msdn.microsoft.com/en-us/library/bb774628(VS.85).aspx IThumbnailCache Interface], MSDN, Microsoft Corporation</ref> [[Windows XP editions#Media Center Edition|Windows XP Media Center Edition]] also creates <code>ehthumbs.db</code> which holds previews of video files. Each thumbnail created in a directory is represented in this database file as a small JPEG file, regardless of the file's original format. The images are resized to 96×96 pixels by default or a proportional miniature of their original shape for non-square images, with 96 pixels on the longer side. The size can be controlled by a setting on Windows Registry. Each folder with initiated thumbnail views (that is where they have displayed a Thumbnails or Filmstrip view in Windows Explorer) will have a Thumbs.db file. Folders with pictures also display previews on their icon when displayed in Thumbnail mode – the first four images in the folder at 40×40 pixels (or proportionally shaped), with a 1-pixel divider overlaid on a standard large folder icon. The Thumbs.db file is stored in [[Object Linking and Embedding|OLE Compound Document]] format, the same format that many [[Microsoft Office]] products use.<ref>[http://forums.oracle.com/forums/thread.jspa?messageID=5365475 Java 2D – Thumbnails Thumbs.db], Oracle Forums</ref>
==Centralized thumbnail cache==
Line 16:
==As forensic evidence==
Law-enforcement agencies have used this file to prove that illicit photos were previously stored on the hard drive.<ref>{{cite web |url=http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1169&context=amcis2014|title=Forensic Analysis of Windows Thumbcache files|publisher=AISEL|work=University of South Australia}}</ref> For example, the [[FBI]] used the "thumbs.db" file in 2008 as evidence of viewing depictions of [[child pornography]].<ref>{{cite web
In 2013, research was conducted that focused on the Digital Forensic implications of thumbnail caches and recovering partial thumbnail cache files. It identified that whilst there is a standard definition of a thumbnail cache the structure and forensic
▲In 2013, research was conducted that focused on the Digital Forensic implications of thumbnail caches and recovering partial thumbnail cache files. It identified that whilst there is a standard definition of a thumbnail cache the structure and forensic artefacts recoverable from them varies significantly between operating systems. The work also showed that the thumbcache_256.db contains non-standard thumbnail cache records which can store interesting data such as network place names and allocated drive letters. <ref>[https://core.ac.uk/download/pdf/17168934.pdf], Morris </ref> <ref>[http://www.identatron.co.uk/research_2011.html], Morris & Chivers </ref>
==See also==
*[[.DS_Store]]
*[[Quick Look]]
Line 33 ⟶ 29:
==External links==
*[https://thumbcacheviewer.github.io/ Thumbcache Viewer] – open-source thumbcache_*.db viewer
*[https://thumbsviewer.github.io/ Thumbs Viewer] – open-source viewers for both Thumbs.db (legacy mode) and
*[https://github.com/AtesComp/Vinetto Vinetto] is a forensics tool to examine Thumbs.db files.
*{{webarchive |url=https://web.archive.org/web/20131116234204/http://www.thumbnailexpert.com/en/formats/windows-thumbnail-cache/ |date=November 16, 2013 |title=Windows thumbnail cache}} – Description of thumbs.db file
*[http://www.sevenforums.com/tutorials/10794-thumbnail-cache-enable-disable.html Prevent the creation of thumbs.db files via Group Policy (Windows 7)]
| |||