Covering tracks on your hard
drive left by Internet Explorer 5.X*, 6.X
Unlike Netscape Navigator
or Mozilla, Explorer's cache, history & cookie files cannot be
written over and securely deleted in a straight-forward fashion
because the files are in use during every Windows session. Access to
these files is denied by Windows while they are in use. Below I list
some ways to gain access to these files. Please read my disclaimer
at the bottom of the page before making any changes
to your system :
Windows
NT,2000,XP
To wipe
browser tracks on a machine running Windows NT,2000,
or XP, the folders you'll probably want to target
are:
- Temporary
Internet Files (these are cached
html pages, images, etc)
- History
(a list of all the sites you have
visited)
- Cookies
(set by the sites you have visited)
- Recent
(documents you have accessed
recently)
The location of these
files will differ depending on how you have your
profiles set up. Here's where my folders are:
- C:\Documents
and Settings\Craig\Local Settings\Temporary
Internet Files
- C:\Documents
and Settings\Craig\Local Settings\History
- C:\Documents
and Settings\Craig\Cookies
- C:\Documents
and Settings\Craig\Recent
You'll need
to locate these folders on your own computer. Please
note that "Local Settings" is a hidden
folder, so unless you have your system set up to
display hidden files and folders, it won't be
visible. You can, however, just navigate to your
profile folder in the Documents and Settings folder
and click on your profile folder. This will update
the address line, then just type "\Local
Settings" (without quotes) into the Windows
Explorer address bar after your profile folder. You
should be able to find the complete paths now to the
Temporary Internet Files or History folders. Note
also, that even with viewing hidden files enabled,
the "Recent" folder may not show up, you'll
have to type it in as indicated above.
All the above folders
except the "Recent" folder contain a file named "index.dat"
which must be wiped (or just deleted if you are only trying to free
up space). If you don't get rid of this file, all the other files
showing in the folder will get recreated. It's best to get rid of the whole folder.
Windows will recreate the files again as needed.
Since
index.dat files are in use by explorer.exe (that's
the Windows shell) you need to close explorer.exe
down before you can proceed. There are two easy ways
to do this:
1.) Log in
from a different profile. You can always create a new
profile just for this purpose if necessary (assuming
of course that you are an administrator or have
sufficient rights on the machine.) You can set these
folders up for deletion using Mutilate File Wiper's
Power Mutilator feature which stores the paths for
repeated use.
2.) Close
down explorer.exe in the current profile:
Start up
Mutilate File Wiper and shut down other open
applications.
Control-Alt-Delete
to bring up Windows Task Manager. Select the
Processes tab & highlight 'explorer.exe'
With
explorer.exe highlighted, hit the 'End Process'
button. Answer yes to the Task Manager
Warning. (I haven't had any problems doing this. You
might want to think twice about it if you're working
on your companies' production server. It's possible other running
processes associated with the shell will also terminate.)
This will
close the Windows shell. You should now just see your
desktop background, Task Manager and Mutilate File
Wiper. Don't Panic! Use Mutilate File Wiper to wipe
the folders above. (If you just want to delete the
files, you'll have to create a batch file to do the
actual deletions since you can't use Windows
Explorer). To get your desktop back, hit the
Applications tab in Windows Task Manager. Select the
"New Task..." button, type in
"explorer" (without quotes) and hit the
"OK" button.
See also the
Mutilate File Wiper help file for instructions on
clearing your swapfile and the section on Typed
URLs below.
Windows
95/98:
To wipe
these files from Windows 95 or 98, grab a copy of Mutilate Swapfile
Wiper . The files you'll probably
want to target are:
- C:/Windows/Tempor~1/Content.ie5/index.dat
(your temporary internet files- these
are cached html pages, images, etc)
- C:/Windows/Cookies/index.dat
(cookies)
- C:/Windows/History/Content.ie5/index.dat
(history of visited websites)
- C:/win386.swp
(your swapfile)
The
'index.dat' files contain all the files showing in
C:\Windows\Temporary Internet Files,
C:\Windows\Cookies and C:\Windows\History.
Do not use Mutilate
Swapfile Wiper in a DOS Window. You must exit
Windows to the DOS prompt for the program to
function. For real DOS mode, select Windows 'Start
| Shut Down...' and select 'Restart in
MS-DOS mode'. While you're at it, you should
also wipe the swapfile since anything in the above
files could find their way to the swapfile. Refer to
the readme file supplied with Mutilate Swapfile Wiper
for instructions.
You may find
it convenient to use a batch file to accomplish the
above. In notepad type:
cd\
C:\mutwipe.exe
C:\windows\tempor~1\content.ie5\index.dat /n
C:\mutwipe.exe C:\windows\cookies\index.dat /n
C:\mutwipe.exe
C:\windows\history\content.ie5\index.dat /n
C:\mutwipe.exe C:\win386.swp /n
Next, save
as 'wipe.bat' or some other unique name & put it
in your 'C:\Windows' folder. To wipe your temporary
internet files, cookies, history, and your swap file,
all you'll have to do is type 'wipe' , then turn off
your computer, or, type 'exit' to return to Windows.
Add a line with the command 'exit' (without quotes)
to the above batch file if you would like to return
to Windows automatically.
Typed
URLs
Internet
Explorer also keeps a history of visited sites in the
registry. You'll see these files when you type in a
URL and IE "guesses" what you are going to
type to save you a few steps. Great idea, except it
divulges previously visited sites.
These values
reside in the registry at:
HKEY_CURRENT_USER/Software/Microsoft/Internet
Explorer/TypedURLs
You can delete them in the registry using the Windows
program Regedit. Go to Start|Run & type
"regedit" (without quotes) on the command
line.
Regedit allows you to save a copy of the registry by
using the export function. You may want to do this
before messing around with the registry.
________________________________________________
Another
alternative to preserve your internet browsing
privacy is to disable Explorer's cache, history, and
cookie files. Explorer's built-in facility for
disabling the cache and history folders is not
secure. For example, you can set IE's history folder
to hold links for zero days, however, links for the
current day are still stored on your hard
drive.
WARNING: Disabling the cache may a bit of overkill for
normal use. Plan on losing your ability to download
files with your web browser or to fill out a
multi-page online order. You may still find this
technique useful for cookies or history. If you
encounter weird errors, remember how to restore your
settings.
1)
Disable the IE Cache Folder:
In IE,
select Tools | Internet Options... select
the General tab. In the
Temporary Internet Files section select 'Delete
Files'. Next select Windows 'Start |
Shut Down... and select 'Restart in
MS-DOS mode'
At the C
prompt, change the directory to 'C:/Windows/Tempor~1/Context.ie5
(type cd windows
then cd tempor~1 then
type cd content.ie5)
Type "dir"
( without quotes ) The dir command should return
a listing of one file called index.dat. If you do not
see it try "dir /A:h" to
show hidden files. The file, index.dat, contains all
the link files showing in C:\Windows/Temporary
Internet Files. Now change the index.dat file to
read-only with the following DOS command:
Attrib
+r index.dat
If you run
into problems or are not satisfied with the results,
you can restore the file to its original state by
typing:
Attrib
-r index.dat
To confirm
that index.dat is read-only type:
Attrib
index.dat
DOS will
return something like:
A R
index.dat
The 'R'
indicates read-only. Now type 'exit' & return to
Windows.
Note: Once you've made
the index.dat file read-only IE will generate a new
copy of the current index.dat file in another
location. Use Windows Find to locate the new one. I
had to set the file 3 times to read-only before IE
stopped generating new index.dat files. You should be
able to tell that the file is inactive by looking at
the last time the file was last modified in Windows
Explorer.
2)
Disable the IE History folder:
In IE,
select View | Internet Options...| General.
In the History section change the value for "Days
to keep pages in history" to 0. Then
select the 'Clear History' button to
delete current folders. Next select Windows 'Start
| Shut Down...' and select ' Restart in
MS-DOS mode'
At the C
prompt, change the directory to 'C:/Windows/History/Content.ie5'
(from the C prompt type cd windows
then cd history, and then cd
content.ie5 .)
Type dir
The dir command should return a listing of one file
called index.dat. If you do not see it try "dir
/A:h " to show hidden files. The files
listed in the Windows/History folder are actually
just this one file. Now change the index.dat file to
read-only with the following DOS command:
Attrib
+r index.dat
If you run
into problems or are not satisfied with the results,
you can restore the file to its original state by
typing:
Attrib
-r index.dat
To confirm
that index.dat is read-only type:
Attrib
index.dat
DOS will
return something like:
A R
index.dat
The 'R'
indicates read-only. Now type exit & return to
Windows.
Note: Once you've made
the index.dat file read-only IE will generate a new
copy of the current index.dat file in another
location. Use Windows Find to locate the new one. I
had to set the file 3 times to read-only before IE
stopped generating new index.dat files. You should be
able to tell that the file is inactive by looking at
the last time the file was last modified in Windows
Explorer.
3)
Disable Cookies: Disable cookies by setting the
index.dat file to read only. Look for the file in
C:\Windows\Cookies
. See also the notes
above.
You may want
to close all open programs at this point and use
Mutilate to wipe disk free space to wipe deleted
information from your hard drive.
You should
be able manipulate the above files without any
adverse complications. Please note, however, some
sites, such as Microsoft, may require intact cookies
to perform some features.
Warning:
The above information is provided "as is"
without warranty of any kind. Proceed at your own
risk. I will not be responsible for any complications
resulting from the use or misuse of this information.
*Internet Explorer and Windows
are registered trademarks of Microsoft Corp