Sign in with
Sign up | Sign in
Your question

View or parse contents of index.dat history file

Last response: in Windows 2000/NT
Share
Anonymous
April 19, 2004 7:41:16 PM

Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

I am the network administrator for a police department and we have recently
discovered at least one case of improper internet usage. My chief has
requested that I audit the entire department to see if this was a single
instance of impropriety, or if the problem is more widespread than that. I
feel that the easiest / least obvious way of doing this is by going through
the user profiles that are stored on one of our servers and parsing the
index.dat files. How would I go about doing this. I've found a few 3rd
party programs that will allow me to view the index.dat of the currently
logged on (local) user, but have yet to find anything that will allow me to
parse (and/or print) the index.dat information for other users. I did a
groups.google search before posting this and found many people with similar
questions which never seemed to be answered. Does anyone have any
information that could be useful in my circumstances.

I would prefer a response through this newsgroup, but if you want to contact
me directly, I can be reached at
chrisguynn@police.big-spring.tx.us.PleaseNoSpam just remove the
..PleaseNoSpam.

--
C Guynn

"I cannot undertake to lay my finger on that article of the Constitution
which granted a right to Congress
of expending, on objects of benevolence, the money of their
constituents...." --James Madison
Anonymous
April 19, 2004 8:28:48 PM

Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

I have not tried it myself but if you have not tried it already Foundstone has a free
tool called Pasco that my help. Keep in mind that unless you have strict controls
concerning user access to computers and auditing of user logons and logoffs, you are
going to have a hard time proving who actually did the improper usage. Often people
who do such activity do it on a coworkers computer that they did not lock/logoff of
or even an unauthorized computer on the network such as a laptop. Something like ISA
server would be much better at controlling and tracking internet usage. --- Steve

http://www.foundstone.com/index.htm?subnav=resources/na...
--- Pasco.
http://www.microsoft.com/isaserver/ --- what ISA does,

"Chris Guynn" <chris.guynn@sbcglobal.N.O.S.P.A.M.net> wrote in message
news:wqSgc.11305$vh3.10087@newssvr23.news.prodigy.com...
> I am the network administrator for a police department and we have recently
> discovered at least one case of improper internet usage. My chief has
> requested that I audit the entire department to see if this was a single
> instance of impropriety, or if the problem is more widespread than that. I
> feel that the easiest / least obvious way of doing this is by going through
> the user profiles that are stored on one of our servers and parsing the
> index.dat files. How would I go about doing this. I've found a few 3rd
> party programs that will allow me to view the index.dat of the currently
> logged on (local) user, but have yet to find anything that will allow me to
> parse (and/or print) the index.dat information for other users. I did a
> groups.google search before posting this and found many people with similar
> questions which never seemed to be answered. Does anyone have any
> information that could be useful in my circumstances.
>
> I would prefer a response through this newsgroup, but if you want to contact
> me directly, I can be reached at
> chrisguynn@police.big-spring.tx.us.PleaseNoSpam just remove the
> .PleaseNoSpam.
>
> --
> C Guynn
>
> "I cannot undertake to lay my finger on that article of the Constitution
> which granted a right to Congress
> of expending, on objects of benevolence, the money of their
> constituents...." --James Madison
>
>
Anonymous
April 19, 2004 10:04:24 PM

Archived from groups: microsoft.public.win2000.file_system,microsoft.public.win2000.general,microsoft.public.win2000.security (More info?)

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:47Tgc.160805$gA5.1903298@attbi_s03...
> I have not tried it myself but if you have not tried it already Foundstone
has a free
> tool called Pasco that my help. Keep in mind that unless you have strict
controls
> concerning user access to computers and auditing of user logons and
logoffs, you are
> going to have a hard time proving who actually did the improper usage.
Often people
> who do such activity do it on a coworkers computer that they did not
lock/logoff of
> or even an unauthorized computer on the network such as a laptop.
Something like ISA
> server would be much better at controlling and tracking internet
sage. --- Steve
>
>
http://www.foundstone.com/index.htm?subnav=resources/na...
> --- Pasco.
> http://www.microsoft.com/isaserver/ --- what ISA does,

Thanks. It's a little cumbersome, but it works pretty well. Unfortunately,
the information I want is not part of the roaming profile, so I will have to
connect to each computer separately to run the tests, but it is definitely a
step in the right direction. We aren't looking to prosecute anyone, just to
see if this is a problem that warrants upgraded procedures for detection, so
proving who did it isn't really that big of a problem. I do appreciate the
heads up though and will definitely investigate ISA server much more
closely.

Chris

>
> "Chris Guynn" <chris.guynn@sbcglobal.N.O.S.P.A.M.net> wrote in message
> news:wqSgc.11305$vh3.10087@newssvr23.news.prodigy.com...
> > I am the network administrator for a police department and we have
recently
> > discovered at least one case of improper internet usage. My chief has
> > requested that I audit the entire department to see if this was a single
> > instance of impropriety, or if the problem is more widespread than that.
I
> > feel that the easiest / least obvious way of doing this is by going
through
> > the user profiles that are stored on one of our servers and parsing the
> > index.dat files. How would I go about doing this. I've found a few 3rd
> > party programs that will allow me to view the index.dat of the currently
> > logged on (local) user, but have yet to find anything that will allow me
to
> > parse (and/or print) the index.dat information for other users. I did a
> > groups.google search before posting this and found many people with
similar
> > questions which never seemed to be answered. Does anyone have any
> > information that could be useful in my circumstances.
> >
> > I would prefer a response through this newsgroup, but if you want to
contact
> > me directly, I can be reached at
> > chrisguynn@police.big-spring.tx.us.PleaseNoSpam just remove the
> > .PleaseNoSpam.
> >
> > --
> > C Guynn
> >
> > "I cannot undertake to lay my finger on that article of the Constitution
> > which granted a right to Congress
> > of expending, on objects of benevolence, the money of their
> > constituents...." --James Madison
> >
> >
>
>
Anonymous
January 30, 2009 10:41:30 AM

Try this one Hitory Killer Pro, it's a tool with function for parsing Index.dat files.
!