3

Recently I attended an interview, where the interviewer asked me the following questions in technical face to face interview:

  • How does Sticky Notes works?
  • How Windows is able to preserver the data even though it is not saved explicitly?
  • How the data is preserved even when the system crashes?

I've no idea how does it works. Tried googling, but I couldn't find any useful information.

Can anyone explain or give some information?

pnuts
  • 58,317
  • 11
  • 87
  • 139
Gokul Nath KP
  • 15,485
  • 24
  • 88
  • 126
  • Questions concerning problems with **code you've written** must describe the specific problem — and **include valid code to reproduce it** — in the question itself. See SSCCE.org for guidance. – MikroDel Nov 07 '13 at 07:31
  • I think you question is off topic for this site – MikroDel Nov 07 '13 at 07:31
  • Any specific reason for downvoting? Stop downvoting, if you don't like/understand the question. – Gokul Nath KP Nov 07 '13 at 07:39
  • 1
    FYI: What topics can I ask about here? Stack Overflow is for professional and enthusiast programmers, people who write code because they love it. We feel the best Stack Overflow questions have a bit of source code in them, but if your question generally covers… 1. a specific programming problem 2. a software algorithm 3. software tools commonly used by programmers 4. practical, answerable problems that are unique to software development. So my question comes under point 4. – Gokul Nath KP Nov 07 '13 at 07:40

2 Answers2

4

Sticky notes are written to a file which you can find at '%appdata%\Microsoft\Sticky Notes\StickyNotes.snt' and since there is not an explicit 'save' option, it should be flushing the content to that file as you write it and hence the data is preserved in case of a system crash.

aks
  • 157
  • 9
4

I agree with @Vii's response. He has the right information about where the file is stored.

I have found some forensic background on this file here: http://www.forensicswiki.org/wiki/Sticky_Notes

It seems like the SNT file has 3 datastreams, 0,1 and 3. Stream 0 stores information in RTF form and Steam 3 stores the actual text in Unicode format.

The Root Entry of the storage stream has a timestamp associated with it and you can use tools like MiTec Storage Viewer, Sticky7List to view the creation and modification times associated with the file. You can create a sticky note and observe when it creates the datastream and modify the sticky note and monitor how it modifies the file.

Some helpful references: http://www.pcworld.com/article/191453/sticky_notes.html

https://superuser.com/questions/396698/how-to-retrieve-contents-of-stick-notes-directly-from-file-system

http://www.forensicswiki.org/wiki/Sticky_Notes

http://computer-forensics.sans.org/blog/2010/10/19/digital-forensics-stuck-stickies-2

http://windowsir.blogspot.com/2011/08/sticky-notes-analysis.html

Community
  • 1
  • 1
Bilal
  • 216
  • 1
  • 5