When you delete the visited urls and the cache in Internet Explorer after disconnecting your computer from the internet you are safe, right ? Many users think that it is impossible to find out which websites have been visited when they delete the cache and the history. This is not true..
The file index.dat which exists many times on windows xp accounts, to be precise many times for every user, stores visited urls and cookies for instance even though you deleted that information before. Microsoft surely has a good explanation for this, right ? They say it is to speed up Internet Explorer but this sounds somewhat fishy, why would you need for instance the cookies if you have deleted them ?
To find index.dat on your computer you need to do the following (Win xo only). Open any folder, click on tools, folder options. Select view from the tab and uncheck “hide protected operating system files” and make sure “Show hidden files and folders is enabled”. Now search for index.dat and windows will come up with some search results.
It does help to view the file in an normal editor, it won’t show anything. What you need to do to see the list of urls or cookies is to download the sweet little tool Pasco created by Keith Jones. It is a freeware command line utility. Unpack it, copy any of the index.dat files into the bin dir of pasco and fire up the command line mode of windows xp. (Hit Windows key + R, enter cmd and hit enter)
Change to the pasco dir and enter the following command:
pasco index.dat > urls.txt
Pasco creates a text file with all urls that are saved in the index.dat file. You can then view the with every text editor available. The same works with the index.dat that holds the cookies of course.
Ever wanted to know what your kids, husband, wife, friends, co-workers do when they are alone ? Use the index.dat file to find out.
How to remove the index.dat file:
The index.dat file is protected in windows and you will have a hard time deleting it from within.
These data files are used by Internet Explorer and Windows Explorer. You cannot delete a file that is in use by a running program. If you feel you need to delete the file, you will have to shutdown all instances of Explorer and IE. This includes applications that may host the Webbrowser control: Outlook, Messenger, IE, Product Studio, Visual Studio, Help, Windows Media Player, etc. Your best bet is just close everything. When you are left with a desktop and a start menu, you will still need to shutdown Explorer. To cleanly shutdown Explorer: Start->Shutdown->CTRL+ALT+SHIFT+Click ‘Cancel’ (for more info, see this post). You can use Task Manager (CTRL+SHIFT+ESC, File->Run…) at this point to open a command window. You should be able to go delete the index.dat. I have only tried this on XPSP2, but it should work anywhere.
Another way would be to boot either into safemode or dos to kill the file.
The new Internet Explorer 7 apparently fixes this issue
No comments:
Post a Comment