MetaDiver – What is Shell

I want to continue to explore some of the powerful options in MetaDiver 1.1.1.

What is Shell?

I’m going to back up a bit and talk a little about what I mean when I talk about Shell and why I talk about it so much.

Shell refers to the Windows Shell API functions. In Windows this is shell32.dll. The ability to access the API has been in Windows a while (at least Windows Vista), and it is used in Windows Explorer, File Properties, Office, just about everywhere. You start to get a hint as to why I find it so interesting and useful. You can do a lot more than just read information about a file using Shell: you can create files and alter metadata as well. We only care about reading and preserving, however!

If a program like Office has a DLL registered with Shell, you can pull properties about that file. This works for Office documents, Windows shortcuts, URLs, video (MP4, AVI, etc.) and MP3 files (ID3 tags), and sometimes Adobe PDFs, as well as others.

You can write your own shell handlers and plugins. These are what you see in the context menu when you right-click on a file or directory in Explorer. Those are shell plugins! They all talk via COM (Component Object Model). has user comments talking about Shell32.dll; all of the comments are basically correct.

I’ve used MetaDiver to discover as many Shell attributes (or, as you see them, columns) as possible about a file. I’ve found over 400 at this point, I think. The number can vary by the version of Windows you are running and the applications you have installed.
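To see these columns for yourself, here is an added example (not MetaDiver's code) that reads every populated Shell column for one file through the `Shell.Application` COM object, without writing anything. The function name `Get-ShellProperty`, the 512-column upper bound and the sample path are assumptions made for illustration.

```powershell
# Added example: enumerate Shell property columns for one file, read-only.
# Not MetaDiver's code; the function name, $MaxColumns and the path are assumed.
function Get-ShellProperty {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxColumns = 512   # assumed upper bound; the real count varies by system
    )

    $file  = Get-Item -LiteralPath $Path -ErrorAction Stop
    $shell = New-Object -ComObject Shell.Application
    try {
        # The Shell works on folders; the file is an item parsed inside its folder.
        $folder = $shell.Namespace($file.DirectoryName)
        if ($null -eq $folder) { throw "Shell could not open folder: $($file.DirectoryName)" }
        $item = $folder.ParseName($file.Name)
        if ($null -eq $item) { throw "Shell could not find item: $($file.Name)" }

        for ($i = 0; $i -lt $MaxColumns; $i++) {
            # Passing $null as the item returns the column's display name.
            $name = $folder.GetDetailsOf($null, $i)
            if ([string]::IsNullOrWhiteSpace($name)) { continue }   # unused index

            $value = $folder.GetDetailsOf($item, $i)
            if ([string]::IsNullOrWhiteSpace($value)) { continue }  # not set for this file

            [pscustomobject]@{ Index = $i; Column = $name; Value = $value }
        }
    }
    finally {
        # Release the COM object so the Shell instance does not linger.
        [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($shell)
    }
}

# Hypothetical path; point it at a working copy of the file, not the original.
Get-ShellProperty -Path 'C:\Cases\sample\report.docx' | Format-Table -AutoSize
```

`GetDetailsOf` returns localized display strings rather than raw property values, so record the Windows version and installed applications alongside the output when comparing results between systems.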

I’ll have more on this in my next post.

I hope you find this post useful and informative!


About the author

-Blog my research related to metadata, digital forensics and other technical topics.
-Develop software solutions for
-Licensed Computer Forensics Investigator for G-C Partners
-World Traveler!