Microsoft's Really Hidden Files: A New Look At Forensics. (v2.5b)
By The Riddler
October 14, 2001 (v2.0 finished May 16, 2001; v1.0 finished June 11, 2000)
Written with Windows 9x in mind, but not limited to.

DISCLAIMER:
I will not be liable for any damage or lost information, whether due to reader's error, or any other reason.

SUMMARY:
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has been logging all of the sites you have ever visited -- even after you've cleared your history, and Microsoft's Outlook Express has been logging all of your e-mail correspondence -- even after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "view all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them are slim to slimmer.

It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.

FOREWORD:
I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is to teach people what is really going on with Microsoft's products and how to take control of their privacy again. This tutorial was written by me, so if you see a mistake somewhere then it is my mistake, and I apologize.

Thanks for reading.

INDEX:
1) DEFINITIONS AND ACRONYMS
2) WHY YOU SHOULD ERASE THESE FILES
3) HOW TO ERASE THE FILES ASAP
   3.1) If You Own Microsoft Internet Explorer
   3.2) Clearing Your Registry
   3.3) If You Own Outlook Express
   3.4) Slack files
   3.5) Keeping Microsoft's Products
4) STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
5) A LOOK AT OUTLOOK
6) HOW MICROSOFT DOES IT
7) +S MEANS [S]ECRET NOT [S]YSTEM.
8) THE TRUTH ABOUT FIND FAST
   8.1) Removing Find Fast
9) CONTACT INFORMATION AND PGP BLOCKS
   9.1) Recommended reading
10) SPECIAL THANKS
11) REFERENCES

Coming Soon:
- pstores.exe
- Related Windows Tricks.
- The NSA-Key.
- Researching the [Microsoft Update] button.
- Why the temp folders aren't intended to be temporary at all.
- What's with Outlook Express's .dbx database files?
- Win2k support.

1. DEFINITIONS AND ACRONYMS

Well, the best definition I have been able to come up with is the following:

I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to "view all files," and cannot be seen in MS-DOS after receiving a proper directory listing from root.
   a) There is at least one loophole to enabling Windows Explorer to see them.
   b) There is at least one loophole to enabling MS-DOS to see them.
   (Interesting to note that the "Find: Files or Folders" utility cannot even search through one of these folders. It doesn't even exist on the [Browse] menu.)
II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.
III) Distinguishes from certain "other" intended hidden files, such as a file with a name with high ascii characters (eg, "�λο¨�").

DOS = Disk Operating System
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System

2. WHY SHOULD I ERASE THESE FILES?

Just from one of these files I would be able to tell you which web sites you previously visited, what types of things you search for in search engines, and probably gather your ethnicity, religion, and sexual preference. Needless to say, one can build quite a profile on you from these files. It has the potential to expose and humiliate -- putting your marriage, friendship, and corporation at risk. Here's one good example of the forensic capabilities...

-----------------------------------------------