Easy Removal of Windows Super Hidden Temp Files
para_fms:
--- Quote from: Aloone_Jonez ---
Please read this thread from the beginning. :rolleyes:
MS are not spying on you and it has nothing to do with law enforcement - the FBI already have plenty of methods of recovering deleted files from your hard disk.
Windows XP (don't know about ME/2000) doesn't have this problem, yes the index.dat files remain but their contents are removed.
--- End quote ---
i did read it and i paid particular attention to your post. i think you're wrong about those files not being used by LE however. i've personally had email and phone correspondences with a cop involved in forensics, as well as another detective who was a personal friend. "the riddler" came to the same conclusion when we were sharing information.
as far as the contents of index.dat being removed in XP, i'd have to check that again. i was under the impression that wasn't so. the files in the content.ie5 sub-directories still remain however.
Aloone_Jonez:
The index.dat files aren't actually removed, the list of URLs they contain gets cleared.
Orethrius:
--- Quote from: para_fms ---i did read it and i paid particular attention to your post. i think you're wrong about those files not being used by LE however.
--- End quote ---
Help me out here, you think he's wrong and that cache files are used by law enforcement agencies (which he admitted, along with the concept that they ALSO use Undelete and similar drive recovery tools - Disk Druid on Linux and Restorer2000 for Windows come to mind, among others), or that he's wrong and Microsoft actually colluded with the Feds to make the browser cache a protected system folder (any directory with a dot (.) extension being hidden from the system by default unless directly accessed)?
--- Quote from: para_fms ---i've personally had email and phone correspondences with a cop involved in forensics, as well as another detective who was a personal friend. "the riddler" came to the same conclusion when we were sharing information.
--- End quote ---
That's lovely. Did he tell you that "they" used cached files and data recovery (which would be most accurate, IMO), or just one or the other?
--- Quote from: para_fms ---as far as the contents of index.dat being removed in XP, i'd have to check that again. i was under the impression that wasn't so.
--- End quote ---
This seems to be the case under XP (verifiable via any hex editor), but you'll need to use one admin account to directly delete (as in shift-del) another's index.dat file. Why this is, I cannot begin to imagine.
--- Quote from: para_fms ---the files in the content.ie5 sub-directories still remain however.
--- End quote ---
I have noticed this behaviour myself, actually. Given, I can track down the folders and empty them manually if the clear command doesn't take the first dozen times, but why go to such lengths to make the folders protected system files? However, before going to the length of drawing dark conspiracies between the federal government and Microsoft (despite the NSA key debacle some time ago), I'd be more willing to chalk this one up to either programmer error (that is, a glitch - that's right, Windows is NOT immune to them by any stretch of the imagination) or an earnest attempt by Microsoft to claim that the browser is an inextricable part of the operating system ("See? Only the browser can delete the cached files, the system can't even read them!" - ignoring the obvious smoke and mirrors).
Then again, I could be wrong, and this COULD be a dark plot to make our personal data a matter of public record. Not that it'd be the first time or anything.
para_fms:
--- Quote from: Orethrius ---Help me out here, you think he's wrong and that cache files are used by law enforcement agencies (which he admitted, along with the concept that they ALSO use Undelete and similar drive recovery tools - Disk Druid on Linux and Restorer2000 for Windows come to mind, among others), or that he's wrong and Microsoft actually colluded with the Feds to make the browser cache a protected system folder (any directory with a dot (.) extension being hidden from the system by default unless directly accessed)?
--- End quote ---
i think (read: 98% sure) that the cache files are used by LE. i mean, that's just common sense. they'd be foolish not to. i don't know, nor do i have any strong opinion on whether or not MS and the feds worked together, though it certainly wouldn't surprise me at all.
--- Quote ---That's lovely. Did he tell you that "they" used cached files and data recovery (which would be most accurate, IMO), or just one or the other?
--- End quote ---
obviously they use both. we didn't talk a whole lot about data recovery though. i was more interested in the cache files. i do remember 'alternate data streams' and 'mirror imaging' being brought up at one point. i don't know about rootkits, though i don't think they were mentioned.
--- Quote ---This seems to be the case under XP (verifiable via any hex editor), but you'll need to use one admin account to directly delete (as in shift-del) another's index.dat file. Why this is, I cannot begin to imagine.
--- End quote ---
well, it could be as simple as trying to protect the cache files while the user is logged on, or it could be to protect the files so they can be used against you later. i'll vote for the latter.
--- Quote ---I have noticed this behaviour myself, actually. Given, I can track down the folders and empty them manually if the clear command doesn't take the first dozen times, but why go to such lengths to make the folders protected system files?
--- End quote ---
exactly!
--- Quote ---However, before going to the length of drawing dark conspiracies between the federal government and Microsoft...
--- End quote ---
i'm not, that's just it...
my opinions are rooted in the conversations i've had with 2 LE officers and 'the riddler'. i didn't come up with stuff by myself, though i did eventually suspect something fishy was going on. you asked the key question yourself; why attrib simple cache files hidden and system, plus bury them even further using the desktop.ini files? it's almost certainly not to protect them from the user, wouldn't you agree? hell, required system files aren't hidden that well!
Aloone_Jonez's post about the hiding mechanism makes a lot of sense. IF i'm completely wrong about all this, i could see attributing my mistaken opinion to the information he provided, but i don't think i'm wrong. and the question still remains, why go through so much trouble to hide simple cache files? this was no coding error; the contents of desktop.ini aren't there by accident. no way.
Aloone_Jonez:
I can't be bothered to debunk the rest of your post - I'd just be repeating myself.
--- Quote from: para_fms ---the contents of desktop.ini aren't there by accident. no way.
--- End quote ---
Almost every folder Windows has write access to on your hard drive will have a desktop.ini file in it. They are responsible for storing desktop related settings (strangely enough) like whether you want to view pictures as thumbnails, the order you want the files sorted and the type of folder it is. The History and Temporary Internet files contain desktop.ini files with attributes that denote them as such. Have you noticed how when you delete the contents of the desktop.ini files the index.dat files magically become visible?
The conspiracy theory is definitely bullshit, if MS really wanted to hide the files from you then they would've come up with something far more devious, they wouldn't have made the mistake of allowing the administrator to view them or a different OS like Linux. Another thing is you don't actually have to be admin to view them, you just need read only access to another user area and even the admin can't view their own index.dat files, the only person who can't see them is the person who is logged onto the user area containing them, this is because Windows is interpreting them as your browsing history or temporary Internet files respectively.