[ISN] Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)

R. A. Hettinga rah at shipwright.com
Fri Oct 26 12:29:15 EDT 2001


--- begin forwarded text


Status:  U
Date: Fri, 26 Oct 2001 04:54:38 -0500 (CDT)
From: InfoSec News <isn at c4i.org>
To: isn at attrition.org
Subject: [ISN] Microsoft's Really Hidden Files:  A New Look At Forensics.
(v2.5b)
Sender: owner-isn at attrition.org
Reply-To: InfoSec News <isn at c4i.org>

http://www.astalavista.com/library/os/win95-98/mshidden.txt

By The Riddler
October 14, 2001  (v2.0 finished May 16, 2001; v1.0 finished
June 11, 2000)

Written with Windows 9x in mind, but not limited to.

DISCLAIMER:

I will not be liable for any damage or lost information, whether due
to reader's error, or any other reason.

SUMMARY:

There are folders on your computer that Microsoft has tried hard to
keep secret.  Within these folders you will find two major things:
Microsoft Internet Explorer has been logging all of the sites you have
ever visited -- even after you've cleared your history, and
Microsoft's Outlook Express has been logging all of your e-mail
correspondence -- even after you've erased them from your Deleted
Items bin.  (This also includes all incoming and outgoing file
attachments.)  And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it.  If you
don't have any knowledge of DOS then don't plan on finding these files
on your own.  I say this because these files/folders won't be
displayed in Windows Explorer at all -- only DOS.  (Even after you
have enabled Windows Explorer to "view all files.")  And to top it
off, the only way to find them in DOS is if you knew the exact
location of them.  Basically, what I'm saying is if you didn't know
the files existed then the chances of you running across them is slim
to slimmer.

It's interesting to note that Microsoft does not explain this behavior
adequately at all.  Just try searching on microsoft.com.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo at attrition.org with 'unsubscribe isn' in the BODY
of the mail.

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list