Jump to content

Does CCleaner clean deeply hidden MS history files?


Jabber Wock

Recommended Posts

Hi,

 

Recently I came across this article (sorry I did not create the URL so please do not beat me up about the URL):

 

http://www.f***microsoft.com/content/ms-hidden-files.shtml

 

The article is a bit old and some of it no longer applies, but the basic concept remains: there are truly hidden files that are deeply embedded within Windows and contain detaild history of every site you have accessed etc. Does CCleaner delete these to the extent that a "forensics" tool will not find the files ? Some of the files mentioned in the article can only be removed by rebooting in "Safe Mode" and going into a MS DOS prompt. Does CCleaner kill those files in some other way?

 

TIA!

 

JW

Link to comment
Share on other sites

From what I read, admittedly not all of it, that's a pretty paranoid article (written 7 years ago!) that goes to strange lengths to make the deletion of these files look harder than it is. Most of the files it mentions are well known about and are cleaned by CCleaner (I may have missed some but got bored reading it) and are overwritten by CCleaner to prevent recovery (with the exception of the index.dat file which is deleted normally at restart).

 

And don't get hung up on 'forensic recovery', this has been discussed here recently and is thought to be a bit of a myth now, just overwriting (as CCleaner does) should do the trick for most purposes. Besides if you have anything on your computer that there would be any need to recover forensically then you shouldn't have naughty stuff there in the first place ;)

Link to comment
Share on other sites

From what I read, admittedly not all of it, that's a pretty paranoid article (written 7 years ago!) that goes to strange lengths to make the deletion of these files look harder than it is. Most of the files it mentions are well known about and are cleaned by CCleaner (I may have missed some but got bored reading it) and are overwritten by CCleaner to prevent recovery (with the exception of the index.dat file which is deleted normally at restart).

 

And don't get hung up on 'forensic recovery', this has been discussed here recently and is thought to be a bit of a myth now, just overwriting (as CCleaner does) should do the trick for most purposes. Besides if you have anything on your computer that there would be any need to recover forensically then you shouldn't have naughty stuff there in the first place ;)

 

Thanks for the post. As for having naughty stuff, I am not so concerned with people finding naughty stuff as with bad guys /black hats finding my sensitive info in case my computer is stolen etc. I am assuming that a bad guy / black hat will have full access to deep forensics tools, as a "worst case scenario". I keep all my sensitive files in an encrypted volume but this still leaves out any files that the system maintains such as index.dat. By now I would not be surprised if there are some other places where the same data is stored since index.dat is common knowledge by now. I travel frequently so I make the assumption that it could be lost or stolen at any time.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.