Re: [ISN] Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)

From: InfoSec News (isnat_private)
Date: Tue Oct 30 2001 - 01:39:54 PST

  • Next message: InfoSec News: "[ISN] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA"

    Forwarded from: Charlie Pullaro <CPullaroat_private>
    use spider
    to get rid of those sh1ts
    "When one of the above mentioned programs is installed, there will be
    several hidden files in several directories, these files are called
    index.dat in IE4. The directory-names depend on the language version of the
    program. In the English version they are: <WindowsDirectory>\Cookies,
    <WindowsDirectory>\History, <WindowsDirectory>\Temporary Internet Files and
    underlying directories; if userprofiles are installed, then the following
    directories are also used: <WindowsDirectory>\Profiles\<Username>\Cookies,
    <WindowsDirectory>\Profiles\<Username>\History and
    <WindowsDirectory>\Profiles\<Username>\Temporary Internet Files."
    take care,
    your humble student,
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private]
    Sent: Friday, October 26, 2001 2:55 AM
    To: isnat_private
    Subject: [ISN] Microsoft's Really Hidden Files: A New Look At Forensics.
    By The Riddler
    October 14, 2001  (v2.0 finished May 16, 2001; v1.0 finished 
    June 11, 2000)
    Written with Windows 9x in mind, but not limited to.
    I will not be liable for any damage or lost information, whether due
    to reader's error, or any other reason.
    There are folders on your computer that Microsoft has tried hard to
    keep secret.  Within these folders you will find two major things:  
    Microsoft Internet Explorer has been logging all of the sites you have
    ever visited -- even after you've cleared your history, and
    Microsoft's Outlook Express has been logging all of your e-mail
    correspondence -- even after you've erased them from your Deleted
    Items bin.  (This also includes all incoming and outgoing file
    attachments.)  And believe me, that's not even the half of it.
    When I say these files are hidden well, I really mean it.  If you
    don't have any knowledge of DOS then don't plan on finding these files
    on your own.  I say this because these files/folders won't be
    displayed in Windows Explorer at all -- only DOS.  (Even after you
    have enabled Windows Explorer to "view all files.")  And to top it
    off, the only way to find them in DOS is if you knew the exact
    location of them.  Basically, what I'm saying is if you didn't know
    the files existed then the chances of you running across them is slim
    to slimmer.
    It's interesting to note that Microsoft does not explain this behavior
    adequately at all.  Just try searching on
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 08:22:35 PST