View or parse contents of index.dat history file

Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security

I am the network administrator for a police department and we have recently
discovered at least one case of improper internet usage. My chief has
requested that I audit the entire department to see if this was a single
instance of impropriety, or if the problem is more widespread than that. I
feel that the easiest / least obvious way of doing this is by going through
the user profiles that are stored on one of our servers and parsing the
index.dat files. How would I go about doing this? I've found a few 3rd
party programs that will allow me to view the index.dat of the currently
logged on (local) user, but have yet to find anything that will allow me to
parse (and/or print) the index.dat information for other users. I did a
groups.google search before posting this and found many people with similar
questions which never seemed to be answered. Does anyone have any
information that could be useful in my circumstances?

I would prefer a response through this newsgroup, but if you want to contact
me directly, I can be reached at
chrisguynn@police.big-spring.tx.us.PleaseNoSpam just remove the
.PleaseNoSpam.

--
C Guynn

"I cannot undertake to lay my finger on that article of the Constitution
which granted a right to Congress
of expending, on objects of benevolence, the money of their
constituents...." --James Madison
  1. Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security

    I have not tried it myself but if you have not tried it already Foundstone has a free
    tool called Pasco that may help. Keep in mind that unless you have strict controls
    concerning user access to computers and auditing of user logons and logoffs, you are
    going to have a hard time proving who actually did the improper usage. Often people
    who do such activity do it on a coworker's computer that they did not lock/logoff of
    or even an unauthorized computer on the network such as a laptop. Something like ISA
    server would be much better at controlling and tracking internet usage. --- Steve

    http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/freetools.htm
    --- Pasco.
    http://www.microsoft.com/isaserver/ --- what ISA does,

  2. Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:47Tgc.160805$gA5.1903298@attbi_s03...
    > I have not tried it myself but if you have not tried it already Foundstone has a free
    > tool called Pasco that may help. Keep in mind that unless you have strict controls
    > concerning user access to computers and auditing of user logons and logoffs, you are
    > going to have a hard time proving who actually did the improper usage. Often people
    > who do such activity do it on a coworker's computer that they did not lock/logoff of
    > or even an unauthorized computer on the network such as a laptop. Something like ISA
    > server would be much better at controlling and tracking internet usage. --- Steve
    >
    > http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/freetools.htm
    > --- Pasco.
    > http://www.microsoft.com/isaserver/ --- what ISA does,

    Thanks. It's a little cumbersome, but it works pretty well. Unfortunately,
    the information I want is not part of the roaming profile, so I will have to
    connect to each computer separately to run the tests, but it is definitely a
    step in the right direction. We aren't looking to prosecute anyone, just to
    see if this is a problem that warrants upgraded procedures for detection, so
    proving who did it isn't really that big of a problem. I do appreciate the
    heads up though and will definitely investigate ISA server much more
    closely.

    Chris
  3. Try this one: History Killer Pro. It's a tool with a function for parsing Index.dat files.
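
What an offline parser of the kind recommended in the first reply does with a copied index.dat, as an added example that is not part of the original thread and is not Pasco's code. It assumes the publicly reverse-engineered IE 5.x layout (128-byte blocks, `URL `/`LEAK` records with timestamps at offsets 8 and 16 and a URL pointer at 0x34) and scans blocks linearly instead of walking the hash table; the sample image and the name `jdoe` are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

BLOCK = 0x80                       # records are allocated in 128-byte blocks
MAGIC = b"Client UrlCache MMF Ver 5.2\0"
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch

def filetime(ticks):
    """64-bit FILETIME (100 ns ticks since 1601) -> UTC datetime, None if unset."""
    return EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def parse_index_dat(buf):
    """Return [(type, url, last_modified, last_accessed)] for URL/LEAK records."""
    if not buf.startswith(MAGIC):
        raise ValueError("not an IE 5.x index.dat")
    out, off = [], BLOCK
    while off + BLOCK <= len(buf):
        sig, nblocks, mtime, atime = struct.unpack_from("<4sIQQ", buf, off)
        size = nblocks * BLOCK
        if sig not in (b"URL ", b"LEAK") or not nblocks or off + size > len(buf):
            off += BLOCK           # free block, HASH/REDR, or damaged record
            continue
        url_off = struct.unpack_from("<I", buf, off + 0x34)[0]
        if 0x38 <= url_off < size:  # URL pointer must stay inside the record
            rec = buf[off:off + size]
            url = rec[url_off:].split(b"\0", 1)[0].decode("latin-1")
            out.append((sig.decode().strip(), url, filetime(mtime), filetime(atime)))
        off += size
    return out

def make_sample():
    """Constructed image: header block, one valid record, one truncated record."""
    def rec(sig, nblocks, url, ticks):
        body = bytearray(BLOCK * 2)
        struct.pack_into("<4sIQQ", body, 0, sig, nblocks, 0, ticks)
        struct.pack_into("<I", body, 0x34, 0x68)   # URL string starts at 0x68
        body[0x68:0x68 + len(url)] = url
        return bytes(body)
    good = rec(b"URL ", 2, b"Visited: jdoe@http://intranet.example/", 127268496000000000)
    bad = rec(b"URL ", 9, b"Visited: jdoe@http://truncated.example/", 0)
    return MAGIC.ljust(BLOCK, b"\0") + good + bad

if __name__ == "__main__":
    for row in parse_index_dat(make_sample()):
        print(row)
```

To audit a real profile, pass the bytes of a copy of its History index.dat to `parse_index_dat`. The name before the `@` in a History entry is the profile the browser ran under, which is the limitation the first reply raises about proving who was at the keyboard.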