Re: Plod Forensics (IT)

On Mon, 28 Jul 2008 10:18:31 +0100, "Aidy" <noemail@xxxxxxxxxxx>
wrote:

The particular index.dat file in question is treated exceptionally

Is it? Go to <system drive>:\windows\assembly

Now open up a command prompt and CD to the same place then do a DIR.
Windows explorer is built on a "plug-in" system where you can dictate how
certain folders, or files, appear. MS wants your history to appear as a
history (or not at all, preferring you to see it through IE only) so
explorer sees the relevant files and folders differently.

Oh really? Then how come it is a user option whether to see other,
more vital system files or not?

For "advanced" users it is sometimes nesseccary to manage these system
files.

But an "advanced user" would never want to delete their browsing
history? Pull the other one.

So explain how you would delete it in a standard Windows install.

Set it to delete when the system starts via the registry. MS gives you a
way to alter files that are in constant use so that the os can be updated.

How do I set it to delete at startup via the registry, and is this
something that you would expect an average user to be able to do?

Oh, I know for a fact that the file is used to track and log what you
browse.

Wait a minute, I thought you said you knew what an index was. You're making
it quite obvious that you don't.

You are making it quite obvious that you do not know how it is used by
a forensic expert. Regardless as to whether it is *designed* for that
purpose, it is undoubtedly the way it is *used*.

Please explain to me how it speeds things up.

See the previous comment. You have now confirmed you don't know what an
index is, you don't understand what this file is or what it is for. Instead
you are latching onto some X-Filesesque conspiracy theories. For a cynic
you are quite easily led.

And for a self-proclaimed expert on the subject you are sidestepping
all the questions I have asked. I say again, how does the index.dat
file speed up web-browsing? The fact is that it *slows down* the web
browser because it is searched through every time you enter a URL.

My web browser can take up to a minute to display my default home page
- which is set to "blank"!

So why not use the *same* file for both purposes?

The history is the history, it is a visual aid. The index is there to aid
performance and is not supposed to have a visual element.

But why duplicate information?

Did you know that
if you have a modern version of Windows that the OS keeps an index of most
of your files so that searching for files, and in the content of files is
quicker? It indexes your Word docs, your e-mail, your browser history and
everything. Part of an evil plan, or for your benefit?

It is a distinct disadvantage and I disable it. Far from speeding
things up, it slows down the operation tremendously.

And keeping lots of personal information without giving the user the
option of disabling or deleting it is *not* a good policy, no matter
what the purported purpose behind doing so.

AFAIAA you can disable *all* caching in FF - or at least have all
caches deleted automatically on close.

You can have IE deleted history when it closes also (google Power Tools)

Yes - but it will not delete the index.dat file in question - that's
exactly the point I am trying to get through to you.

And the index.dat file is not in *constant* use at all.

Download Process Explorer from sysinternals, search for everything that has
a lock on index.dat then come back here and admit you're wrong.

I am not disagreeing that it is constantly locked, only that it is in
constant use. Or do you not know the difference?

In fact it is something that all well-behaved programs on a
multi-tasking OS should do as a matter of course.

Windows has oodles of DLLs and files that are permanently locked, it is
completely normal.

It is normal for some files to be permanently locked, yes. I am
saying that trhere is no need whatsoever for that particular file to
be permanently locked.

--
Cynic


.

Relevant Pages

  • Re: I Still Have Files In History
    ... >Even when I clean the history file in IE6, ... >properties on the History folder in Windows. ... Internet Files and History folders the normal way. ... log in as administrator if some files won't ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Tracking Websites with GP?
    ... I am not sure how you would do this via GPO. ... > there is a way to check how users use the Internet at out company. ... > the History folder occasionally once the user logs off, ... > and history before logging off, so we could check their folders once the ...
    (microsoft.public.win2000.group_policy)
  • Re: how do I delete the browsed pages in Word?
    ... I have cleared all cookies, history, and temporary internet files. ... > and your Internet Explorer History folders: ...
    (microsoft.public.word.docmanagement)
  • Re: History view in IE
    ... Thanks for letting me know where the default History folder is! ... The History view in Internet Explorer 6 intermittently shows or does not ... > That's one of those folders which has a special system-defined view, ...
    (microsoft.public.win2000.general)
  • Re: User Data Folders
    ... These folders should be safe to delete. ... Internet Explorer uses to store the history of where you have been surfing ... It found about 60 empty directories ...
    (microsoft.public.windowsxp.general)