Is this true - windows and URL logging?

From: Jigsaw (
Date: 02/09/05

Date: Wed, 09 Feb 2005 17:58:25 +0000

I just saw this in a thread from a legal newsgroup. I have never heard
of this before. Can it be correct? I assumed that using Steganos or
Eraser would wipe all IE History files from c:\windows\history directory.

Or are such files located somewhere else?

>> f you use Windows and IE, search for a free program called "spider"
>> (not sure what OS's it covers). It enables you to list the hidden
>> history logs that IE creates and never clears, which detail the URL of
>> every page of every site you have visited since the OS was installed,
>> however you came to access the page and even if you went through a
>> proxy. Also every search term that you have ever plugged into a
>> search engine. Such hidden logs are a huge boon for computer
>> forensics! Windows helpfully keeps them constantly open even when you
>> are not using IE so that they are marked in use and cannot be
>> accidentally deleted. It also does not display all the directories &
>> files in "Explorer" even if you have turned on the display of hidden
>> files. Nor is there any utility supplied by Windows or IE that allows
>> you to clear them. If you have a FAT32 file system you can get to
>> them through a DOS boot. On an NTFS system you can make a directory
>> listing of them via Windows command prompt, but as they are locked you
>> cannot delete them unless you have accessed the drive from a different
>> NTFS capable OS.
> But isn't space/size a factor? If a pc is in use for months
/years, can
> it continue to collect this info, without overwriting previously
> info?

It just keeps on growing, and adding URLs, even if you clear your browsing
history. If I was a forensic investigator it would be the first place I
would look.

(You can delete it on an NTFS system if you log in as another user)

Relevant Pages

  • Re: been hit by hacker, servudaemon installed
    ... >Every single one of the web servers and internet server ... >Windows, Apache, you name it. ... >commands they entered in your IIS server logs. ...
  • Re: been hit by hacker, servudaemon installed
    ... Every single one of the web servers and internet server operating systems ... Windows, Apache, you name it. ... commands they entered in your IIS server logs. ...
  • Re: XP BS
    ... So you bought a computer in the year 2003 with Windows '98 installed on it? ... Yes - the last two install from the web - but they are safe. ... Unwanted history of every website you visit? ... In Internet Explorer, on the Tools menu, click Internet Options. ...
  • Re: Address bar will not save history
    ... Fixing History in Internet Explorer ... It could be that the History folder has become damaged or corrupted, ... See: How To Delete the Internet Explorer Temporary Internet Files: ... History folder in Windows 9x,2K, XP. ...
  • Re: Winvnc hack! [25 KB]
    ... came in from a service such as IIS that logs IP address. ... Check your IIS ... Some firewall software such as ... You can also use the NETSTAT -A command that comes with Windows to look at ...