I just thought I would be a smart ass and put this up here. The thread specifications say nothing about it having to be ka related :wink:


By: Krazyjon

I. Introduction

A thumbs.db file is created automatically in the Windows 2000 and XP operating systems when a user chooses to view thumbnails in a folder.

II. Features, Benefits & Downsides

The thumbs.db file is hidden from the user. This is done by default by the Windows Operating System. This is good for the forensic examiner. If a user selected “View Thumbnails” once in the life of the file in a folder, a thumbnail of that file is placed in that folder's thumbs.db. Even if the original file is deleted, the thumbs.db file will still hold a thumbnail of the original file.

As mentioned above, thumbs.db files are created by default in Windows 2000 and XP. A user can change the settings of the computer to not allow thumbs.db to be created. To verify if a user has changed the default setting for the thumbs.db feature, locate the following registry key


If the DisableThumbnailCache value is “1”, the computer will not create thumbs.db files. If the value is “0”, then the computer is currently in its default setting and will create thumbs.db files.

Within the thumbs.db file, the only file attribute that is included is the “Last Written” date. The thumbs.db file will continually be updated by the OS, meaning that if you change the file and save it, the “Last Written” date will be updated.

In EnCase, after mounting the thumbs.db file, if you click on the Catalog file in the right pane and put the bottom pane into text view, you should see the file names of all the files in Unicode format. The 8 bytes immediately preceding each file name are the Last Written date/time. If you highlight these 8 bytes, right-click and choose Bookmark, and then choose to view this text as a Windows Time and Date, this will show you the last time this file was written into the Thumbs.db.

To export the thumbs.db file, conduct the following process:

· Mount the thumbs.db

· Blue Check the thumbs.db file

· Run file finder on “selected files” for jpegs.

III. Conclusions and/or Recommendations

Analysis of the thumbs.db file may produce positive results in certain investigations.
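The Catalog timestamp decoding described above, as an added example that is not part of the original post: it reads each file name from a Catalog stream and converts the 8 bytes in front of it from a Windows date/time (100 ns ticks since 1601-01-01 UTC). The entry layout used here (a header whose first field is its own length, then per entry a 4-byte size, 4-byte thumbnail ID, 8-byte timestamp and null-terminated UTF-16LE name) is an assumption to verify against your own evidence, and the sample bytes are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(raw8):
    """Decode 8 little-endian bytes of 100 ns ticks since 1601-01-01 UTC."""
    if len(raw8) != 8:
        raise ValueError("a Windows date/time value is exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw8)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_catalog(data):
    """Return (thumbnail_id, file_name, last_written) for each Catalog entry.

    Assumed layout: header = u16 header length, u16 version, u32 entry count,
    u32 width, u32 height; entry = u32 size, u32 id, 8-byte time, UTF-16LE name.
    Parsing stops at the first truncated or implausible entry.
    """
    header_len, _version, count = struct.unpack_from("<HHI", data, 0)
    entries, pos = [], header_len
    for _ in range(count):
        if pos + 16 > len(data):
            break  # entry header runs past the end of the stream
        size, thumb_id = struct.unpack_from("<II", data, pos)
        if size < 16 or pos + size > len(data):
            break  # corrupt size field or truncated entry
        stamp = filetime_to_datetime(data[pos + 8:pos + 16])
        raw_name = data[pos + 16:pos + size]
        name = raw_name.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        entries.append((thumb_id, name, stamp))
        pos += size
    return entries

def make_entry(thumb_id, name, when):
    """Build one constructed sample entry in the assumed layout."""
    ticks = ((when - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    body = name.encode("utf-16-le") + b"\x00" * 6  # terminator plus padding
    return struct.pack("<IIQ", 16 + len(body), thumb_id, ticks) + body

# Constructed sample Catalog stream: two entries, 96x96 thumbnails.
SAMPLE = (struct.pack("<HHIII", 16, 7, 2, 96, 96)
          + make_entry(1, "holiday.jpg", datetime(2004, 3, 14, 9, 26, 53, tzinfo=timezone.utc))
          + make_entry(2, "scan_0042.bmp", datetime(2005, 11, 2, 17, 5, 0, tzinfo=timezone.utc)))

if __name__ == "__main__":
    for thumb_id, name, stamp in parse_catalog(SAMPLE):
        print(thumb_id, name, stamp.isoformat())
```

Export the Catalog stream from the mounted thumbs.db to a file and pass its bytes to `parse_catalog` to cross-check the dates shown by the bookmark view.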

ERROR! ERROR! makes robot motions with arms

^^ lol, interesting info…