X-Ways
·.·. Computer forensics software made in Germany .·.·
 
 

X-Ways Trace: Browser Log Files Deciphered

X-Ways Trace 3.1
not updated any more for a long time

X-Ways Trace
200 KB

Download
eval. version

A computer forensics tool that allows to track and examine web browsing activity and deletion of files through the Windows recycle bin that took place on a certain computer. Last updated in June 2008, not tested with newer browser versions. Superseded by similar functionality in X-Ways Forensics 16.5.

Deciphers Internet Explorer's ever-growing internal history/cache file index.dat. Displays complete URLs, date and time of the last visit, user names, file sizes, filename extensions, and more. Allows to sort by any criterion. Reads from one more more files you specify, or searches complete folders and subfolders, or even entire hard disks (or raw images of hard disks) in allocated space, free space, and slack space, for traces of someone having surfed the Internet. Occassionally, accesses to local files are logged, too. You may search for specific domain, file, and user names.

Also deciphers the browser history file "history.dat" produced by Mozilla/Firefox and the browser cache file "dcache4.url" created by the Opera browser.

All the details compiled by X-Ways Trace can be exported to MS Excel. The files/disks examined by X-Ways Trace will not be altered by the examination. X-Ways Trace is part of Evidor, but can be ordered separately. Other available languages: .  

 

Newsletter subscription
Would you like to be kept informed of updates? Please enter your e-mail address:

Recommend X-Ways Trace via e-mail

 

From the Microsoft Knowledge Base Article 322916:

The Internet Explorer Index.dat File in the History Folder May Become Very Large.

The information in this article applies to: Microsoft Internet Explorer 5.5 for Windows NT 4.0, 5.01 for Windows NT 4.0, 5.0 for Windows NT 4.0, 5.5 for Windows 98, 5.01 for Windows 98, 5.0 for Windows 98, 5.5 for Windows 2000, 5.01 for Windows 2000, 5.0 for Windows 2000, version 6 for Windows 98/Windows NT 4.0/Windows 2000/Windows XP.

Symptoms: The Internet Explorer Index.dat file in the History folder may become very large over time.  

Cause: The Index.dat file is never resized or deleted. Clearing the Internet Explorer history by clicking the Clear History button on the General tab in the Internet Options dialog box does not change the size of the Index.dat file. Also, setting the Days to keep pages in history value to 0 (zero) on the General tab does not change the size of the Index.dat file. The pre-allocated space in the Index.dat file increases Internet Explorer performance.

 

X-Ways Trace screenshot