Mutilate  Cover Your Tracks - Internet Explorer*

   
 

 
Covering tracks on your hard drive left by Internet Explorer 5.X*, 6.X

Unlike Netscape Navigator or Mozilla, Explorer's cache, history & cookie files cannot be written over and securely deleted in a straight-forward fashion because the files are in use during every Windows session. Access to these files is denied by Windows while they are in use. Below I list some ways to gain access to these files. Please read my disclaimer at the bottom of the page before making any changes to your system :

Windows NT,2000,XP

To wipe browser tracks on a machine running Windows NT,2000, or XP, the folders you'll probably want to target are:

  • Temporary Internet Files (these are cached html pages, images, etc)
  • History (a list of all the sites you have visited)
  • Cookies (set by the sites you have visited)
  • Recent (documents you have accessed recently)

The location of these files will differ depending on how you have your profiles set up. Here's where my folders are:

  • C:\Documents and Settings\Craig\Local Settings\Temporary Internet Files
  • C:\Documents and Settings\Craig\Local Settings\History
  • C:\Documents and Settings\Craig\Cookies
  • C:\Documents and Settings\Craig\Recent

You'll need to locate these folders on your own computer. Please note that "Local Settings" is a hidden folder, so unless you have your system set up to display hidden files and folders, it won't be visible. You can, however, just navigate to your profile folder in the Documents and Settings folder and click on your profile folder. This will update the address line, then just type "\Local Settings" (without quotes) into the Windows Explorer address bar after your profile folder. You should be able to find the complete paths now to the Temporary Internet Files or History folders. Note also, that even with viewing hidden files enabled, the "Recent" folder may not show up, you'll have to type it in as indicated above.

All the above folders except the "Recent" folder contain a file named "index.dat" which must be wiped (or just deleted if you are only trying to free up space). If you don't get rid of this file, all the other files showing in the folder will get recreated. It's best to get rid of the whole folder. Windows will recreate the files again as needed.

Since index.dat files are in use by explorer.exe (that's the Windows shell) you need to close explorer.exe down before you can proceed. There are two easy ways to do this:

1.) Log in from a different profile. You can always create a new profile just for this purpose if necessary (assuming of course that you are an administrator or have sufficient rights on the machine.) You can set these folders up for deletion using Mutilate File Wiper's Power Mutilator feature which stores the paths for repeated use.

2.) Close down explorer.exe in the current profile:

Start up Mutilate File Wiper and shut down other open applications.

Control-Alt-Delete to bring up Windows Task Manager. Select the Processes tab & highlight 'explorer.exe'

With explorer.exe highlighted, hit the 'End Process' button. Answer yes to the Task Manager Warning. (I haven't had any problems doing this. You might want to think twice about it if you're working on your companies' production server. It's possible other running processes associated with the shell will also terminate.)

This will close the Windows shell. You should now just see your desktop background, Task Manager and Mutilate File Wiper. Don't Panic! Use Mutilate File Wiper to wipe the folders above. (If you just want to delete the files, you'll have to create a batch file to do the actual deletions since you can't use Windows Explorer). To get your desktop back, hit the Applications tab in Windows Task Manager. Select the "New Task..." button, type in "explorer" (without quotes) and hit the "OK" button.

See also the Mutilate File Wiper help file for instructions on clearing your swapfile and the section on Typed URLs below.

 

Windows 95/98:

To wipe these files from Windows 95 or 98, grab a copy of Mutilate Swapfile Wiper . The files you'll probably want to target are:

  • C:/Windows/Tempor~1/Content.ie5/index.dat (your temporary internet files- these are cached html pages, images, etc)
  • C:/Windows/Cookies/index.dat (cookies)
  • C:/Windows/History/Content.ie5/index.dat (history of visited websites)
  • C:/win386.swp (your swapfile)

The 'index.dat' files contain all the files showing in C:\Windows\Temporary Internet Files, C:\Windows\Cookies and C:\Windows\History.

Do not use Mutilate Swapfile Wiper in a DOS Window. You must exit Windows to the DOS prompt for the program to function. For real DOS mode, select Windows 'Start | Shut Down...' and select 'Restart in MS-DOS mode'. While you're at it, you should also wipe the swapfile since anything in the above files could find their way to the swapfile. Refer to the readme file supplied with Mutilate Swapfile Wiper for instructions.

You may find it convenient to use a batch file to accomplish the above. In notepad type:

cd\
C:\mutwipe.exe C:\windows\tempor~1\content.ie5\index.dat /n C:\mutwipe.exe C:\windows\cookies\index.dat /n
C:\mutwipe.exe C:\windows\history\content.ie5\index.dat /n
C:\mutwipe.exe C:\win386.swp /n

Next, save as 'wipe.bat' or some other unique name & put it in your 'C:\Windows' folder. To wipe your temporary internet files, cookies, history, and your swap file, all you'll have to do is type 'wipe' , then turn off your computer, or, type 'exit' to return to Windows. Add a line with the command 'exit' (without quotes) to the above batch file if you would like to return to Windows automatically.

 

Typed URLs

Internet Explorer also keeps a history of visited sites in the registry. You'll see these files when you type in a URL and IE "guesses" what you are going to type to save you a few steps. Great idea, except it divulges previously visited sites.

These values reside in the registry at:
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs

You can delete them in the registry using the Windows program Regedit. Go to Start|Run & type "regedit" (without quotes) on the command line.

Regedit allows you to save a copy of the registry by using the export function. You may want to do this before messing around with the registry.

 

________________________________________________

 

Another alternative to preserve your internet browsing privacy is to disable Explorer's cache, history, and cookie files. Explorer's built-in facility for disabling the cache and history folders is not secure. For example, you can set IE's history folder to hold links for zero days, however, links for the current day are still stored on your hard drive. 

WARNING: Disabling the cache may a bit of overkill for normal use. Plan on losing your ability to download files with your web browser or to fill out a multi-page online order. You may still find this technique useful for cookies or history. If you encounter weird errors, remember how to restore your settings.

 

1) Disable the IE Cache Folder:

In IE, select Tools | Internet Options... select the General tab. In the Temporary Internet Files section select 'Delete Files'. Next select Windows 'Start | Shut Down... and select 'Restart in MS-DOS mode'

At the C prompt, change the directory to 'C:/Windows/Tempor~1/Context.ie5 (type cd windows then cd tempor~1 then type cd content.ie5)

Type "dir" ( without quotes ) The dir command should return a listing of one file called index.dat. If you do not see it try "dir /A:h" to show hidden files. The file, index.dat, contains all the link files showing in C:\Windows/Temporary Internet Files. Now change the index.dat file to read-only with the following DOS command: 

Attrib +r index.dat 

If you run into problems or are not satisfied with the results, you can restore the file to its original state by typing:

Attrib -r index.dat

To confirm that index.dat is read-only type:

Attrib index.dat

DOS will return something like:

A R index.dat 

The 'R' indicates read-only. Now type 'exit' & return to Windows.

Note: Once you've made the index.dat file read-only IE will generate a new copy of the current index.dat file in another location. Use Windows Find to locate the new one. I had to set the file 3 times to read-only before IE stopped generating new index.dat files. You should be able to tell that the file is inactive by looking at the last time the file was last modified in Windows Explorer.
 

2) Disable the IE History folder:

In IE, select View | Internet Options...| General. In the History section change the value for "Days to keep pages in history" to 0. Then select the 'Clear History' button to delete current folders. Next select Windows 'Start | Shut Down...' and select ' Restart in MS-DOS mode'

At the C prompt, change the directory to 'C:/Windows/History/Content.ie5' (from the C prompt type cd windows then cd history, and then cd content.ie5 .)

Type dir The dir command should return a listing of one file called index.dat. If you do not see it try "dir /A:h " to show hidden files. The files listed in the Windows/History folder are actually just this one file. Now change the index.dat file to read-only with the following DOS command: 

Attrib +r index.dat 

If you run into problems or are not satisfied with the results, you can restore the file to its original state by typing:

Attrib -r index.dat

To confirm that index.dat is read-only type:

Attrib index.dat

DOS will return something like:

A R index.dat 

The 'R' indicates read-only. Now type exit & return to Windows.

Note: Once you've made the index.dat file read-only IE will generate a new copy of the current index.dat file in another location. Use Windows Find to locate the new one. I had to set the file 3 times to read-only before IE stopped generating new index.dat files. You should be able to tell that the file is inactive by looking at the last time the file was last modified in Windows Explorer.
 

3) Disable Cookies: Disable cookies by setting the index.dat file to read only. Look for the file in C:\Windows\Cookies . See also the notes above.

 

You may want to close all open programs at this point and use Mutilate to wipe disk free space to wipe deleted information from your hard drive.

You should be able manipulate the above files without any adverse complications. Please note, however, some sites, such as Microsoft, may require intact cookies to perform some features. 

Warning: The above information is provided "as is" without warranty of any kind. Proceed at your own risk. I will not be responsible for any complications resulting from the use or misuse of this information.

*Internet Explorer and Windows are registered trademarks of Microsoft Corp

 

   

 

Mutilate Home Page | Download Mutilate  | Reviews

 

Copyright 1996-2004 All rights reserved. Email: craigchr ạt comcast dọt net