Talk:Internet Explorer History File Format

From ForensicsWiki
Revision as of 07:15, 19 June 2007 by Kristofer (Talk | contribs) (Bunch of ideas - move as DAT, add file locations, add a link, note differences between different index.dat files)


Planning on doing the following, any comments, ideas, objections?:

Move as DAT

I think this page should be moved as "DAT" and then let all Internet Explorer History File Format links redirect to the format DAT. Then in the DAT page, a little about how .dat is a common extension used by many programs to name their data files, and then the majority of the page about index.dat files specifically. --Kristofer 00:15, 19 June 2007 (PDT)

File Locations

After moving, more of the major file locations of the index.dat should be added too. I will type out the full paths later, but quickly for example, the temp internet files, cookies, history, userdat, folders. Also the ones in the system account in the Windows directory, and note other accounts exist like the all users, administrator, network account, and i386 folder doesn't count, does it? Also, correct me if I'm wrong, but the Content.IE6 and History.IE6 folders should be Content.IE5 and History.IE5, regardless of IE 5, 6, or 7 being installed. --Kristofer 00:15, 19 June 2007 (PDT)

Links is a great link in my opinion going through the methods of discovering the format of this unofficially documented file. It would be great, through the help of everyone, to fill in the missing parts of the general format and outline it here, for future programmers needing to do forensics with these files. --Kristofer 00:15, 19 June 2007 (PDT)

Different Formats of index.dat

We can write about the differences between the temporary internet files index.dat file, history index.dat file, and cookies index.dat file, while including the file paths of the other index.dat files but not emphasising them, like the one in UserData folders.

Speaking about the three major ones separately is important because some things are different between them, like the REDR tag is not in any history index.dat files, yet we have it listed on the current page. And in the URL tag, in the temporary internet files index.dat, the file name of the local cached file is specified with the originating URL. Another difference off the top of my head, the history index.dat files include page title names, and temporary internet files index.dat doesn't. --Kristofer 00:15, 19 June 2007 (PDT)