Is this true - windows and URL logging?

From: Jigsaw (jigsaw_at_zzzzzzzzz.com)
Date: 02/09/05


Date: Wed, 09 Feb 2005 17:58:25 +0000

I just saw this in a thread from a legal newsgroup. I have never heard
of this before. Can it be correct? I assumed that using Steganos or
Eraser would wipe all IE History files from c:\windows\history directory.

Or are such files located somewhere else?

>> f you use Windows and IE, search for a free program called "spider"
>> (not sure what OS's it covers). It enables you to list the hidden
>> history logs that IE creates and never clears, which detail the URL of
>> every page of every site you have visited since the OS was installed,
>> however you came to access the page and even if you went through a
>> proxy. Also every search term that you have ever plugged into a
>> search engine. Such hidden logs are a huge boon for computer
>> forensics! Windows helpfully keeps them constantly open even when you
>> are not using IE so that they are marked in use and cannot be
>> accidentally deleted. It also does not display all the directories &
>> files in "Explorer" even if you have turned on the display of hidden
>> files. Nor is there any utility supplied by Windows or IE that allows
>> you to clear them. If you have a FAT32 file system you can get to
>> them through a DOS boot. On an NTFS system you can make a directory
>> listing of them via Windows command prompt, but as they are locked you
>> cannot delete them unless you have accessed the drive from a different
>> NTFS capable OS.
>>
>
> But isn't space/size a factor? If a pc is in use for months
/years, can
> it continue to collect this info, without overwriting previously
collected
> info?

It just keeps on growing, and adding URLs, even if you clear your browsing
history. If I was a forensic investigator it would be the first place I
would look.

(You can delete it on an NTFS system if you log in as another user)