Tip

INDEX.DAT tool helps admins see what users browsed in IE

Serdar Yegulalp, Contributor
Windows uses a file named INDEX.DAT primarily as a way to store metadata about files that Internet Explorer has downloaded and cached. I've usually discussed this file in terms of its occasionally getting corrupted and needing to be deleted (usually with a third-party utility) in order for IE to work properly.

Now let's discuss what details the file contains and how to examine them.

Programmer Steven Gould has written a handy utility called

    Requires Free Membership to View

    Login

Index Dat Spy, which allows users to explore their system for INDEX.DAT files and examine the contents. This can be useful for administrators, since they'd be able to perform some limited forensics by inspecting the INDEX.DAT files for details about what the user has browsed through IE. It can also help programmers determine whether or not IE is behaving correctly when it encounters certain material (such as a site they've put together).

Once installed, the program can either open an INDEX.DAT file of the user's choosing, or scan the whole system for existing INDEX.DAT files. Note: The scan does not discriminate between INDEX.DAT files that are in the current user's profile or any others that it finds; it just looks for anything that fits the bill. The most common location for the currently logged-in user's IE INDEX.DAT file is either in %userprofile%\Cookies or %userprofile%\Local Settings\History\History.IE5\, which are typically hidden directories.

When you open a valid INDEX.DAT file, you'll get a list of the type of record entries in the file, the data in each entry, its size (typically 128 or 256 bytes), the modified/access dates and the cache directory or filename (if applicable). Every now and then you might come across a record marked "BAD FOOD" (it's actually a hex value, 0BADF00Dh—get it?). This is a record that was previously deleted, and has been overwritten with those values in a repeating sequence.

You can't edit the records in an INDEX.DAT file; that's something that should only typically be done by IE itself. But you can save a .CSV or plaintext file that contains a report of the data harvested, which can be useful for further analysis.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter, which is devoted to hints, tips, tricks, news and goodies for Windows NT, Windows 2000 and Windows XP users and administrators. He has more than 10 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.

More information on this topic:


This was first published in October 2006

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top