X-Ways Trace: Browser Log Files Deciphered
A computer forensics tool that allows to track and examine web browsing activity and deletion of files through the Windows recycle bin that took place on a certain computer.
Deciphers Internet Explorer's ever-growing internal history/cache file index.dat. Displays complete URLs, date and time of the last visit, user names, file sizes, filename extensions, and more. Allows to sort by any criterion. Reads from one more more files you specify, or searches complete folders and subfolders, or even entire hard disks (or raw images of hard disks) in allocated space, free space, and slack space, for traces of someone having surfed the Internet. Occassionally, accesses to local files are logged, too. You may search for specific domain, file, and user names.
Also deciphers the browser history file "history.dat" produced by Mozilla/Firefox and the browser cache file "dcache4.url" created by the Opera browser.
Also deciphers the hidden Windows recycle bin file info2 located in every Recycled/Recycler folder. Displays the original path and filename, date and time of deletion, file size, and more, sometimes even if the recycle bin has been emptied.
All the details compiled by X-Ways Trace can be exported to MS Excel. The files/disks examined by X-Ways Trace will not be altered by the examination. X-Ways Trace is part of Evidor, but can be ordered separately. Other available languages:
一款电脑使用情况监控工具,对某台指定计算机追踪和检查网络浏览活动和通过回收站所做的文件删除操作。通过分析Internet Explorer的内部历史记录和缓存文件index.dat,显示所有URL/上次访问的时间和日期/用户名/文件大小/文件扩展名等,可以以指定条件排序。可以搜索你指定的某个文件或者搜索整个目录及子目录,乃至整个硬盘(或者硬盘的RAW格式镜像)中已用空间、未用/闲置空间,去追查是否有人曾在 Internet冲浪,也可记录对本地文件的访问,你可以搜索指定的域名、文件和用户名。通过破解隐藏在windows回收站中的二进制文件info2,能显示原路径和文件名,删除的日期和时间,文件大小等,有时即使回收站已被清空也可以搜索。X-Ways Trace 得到的所有详细资料可以导出为MS Excel。检查时不会更改文件和磁盘的数据。