What to look for in TEMP folder in Windows XP

We had a situation in our office and we need to know what happened.  All PCs have been backed up: My Documents, Outlook and the TEMP folder within the hidden Local Settings folder.

We would like to know if any EE can provide info on what to look for in this folder since it has a lot of junk data.

Any advice is greatly appreciated.
rayluvs Asked:
 
optoma Commented:
Look for the index.dat files and use superwinspy to view what's in them regarding websites visited
http://www.acesoft.net/download.htm#winspy

Checking the firewall logs may also help.

Never had to do anything like that but would start with viewing the dat files.
0
 
houssam_ballout Commented:
It seems that your profile had been corrupted, so when you tried to log in with your profile, it told you that you will be logged in with a temp account.

Try to create a new user profile and copy the data from TEMP to the new one.

0
 
burmzorz Commented:
I personally would not back up the temp folder as most of what is in there is junk. It is files that you open rather than download. It saves them in there. Any places you may go or files that may be opened on the machine. Quite a few things go in the temp folder and are deleted very quickly. To have a backup of this is not necessary and just takes up space.
0
 
rayluvs Author Commented:
I understand that a lot of things go into the folder, and backing up that folder doesn't make sense, but what we want is some insight into searching within that folder in order to help us look for the culprit of the problem we face in our office.  EE has helped us a lot in many aspects of our technology. I figure maybe EE has experience in this area also, so any help is welcome.

houssam_ballout,

I don't have a problem with the profile; it's the folder TEMP that every user has within the Local Settings hidden folder.

0
 
burmzorz Commented:
I misunderstood the question. I'm not sure how to look through the files within that folder.
0
 
optoma Commented:
I'm not sure what you will achieve looking through the temp folder.
Any possibility of elaborating on the "situation"?

If it's regarding an internet "situation", do you have these folders:
\Local Settings\Temporary Internet Files
and
\Local Settings\Temporary Internet Files\Content.IE5
0
 
rayluvs Author Commented:
I can't elaborate too much, but some important information has been taken outside the office and the administration has gone haywire on this.

It's regarding:

\Local Settings\Temporary Internet Files
\Local Settings\Temporary Internet Files\Content.IE5
\Local Settings\Temp

We are currently reviewing these areas for any possible link to docs, webpages, etc.  It's just that we were curious if EE has advice on this type of issue.
0
 
johnb6767 Commented:
"\Local Settings\Temporary Internet Files"

Shell folder for your cache. Path is mandated by the following reg key in the profile.....

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value=Cache
Shortcut to it is start>run>shell:cache

It is a summary of Cookies, and Temp Internet Files from their respective locations below.....

%userprofile%\Cookies
Shell:cache\Content.ie5

\Local Settings\Temp
Shortcut to it is %temp% / %tmp%. Apps use it as a location to unpack setup files for a new program being installed. Windows uses it to store log files, and performance counter data. And of course viruses use it to play around in......

99 times out of 100 the contents can be deleted, until you come across someone that deliberately was storing data there. Not often, but it has happened....

\Local Settings\Temporary Internet Files\Content.IE5
This is a SuperHidden folder that is not visible in the currently logged in user's profile, without modifying the desktop.ini in the "Temporary Internet Files". It can however be accessed in the current profile by typing it in manually..... This is where a website's GIFs/HTML/ASPX/JPEGS get cached for faster viewing of websites.....

:-)


0
 
johnb6767 Commented:
"I can't elaborate too much, but some important information has been taken outside the office and the administration has gone haywire on this."

Not really sure what info you would gain from these 3 folders regarding this though......
0
 
Zahersyed Commented:
If protection of evidence is critical, you should maintain original integrity of data by taking an image. It's too late in this case, but you can use the open source forensic tools below in the future. As John mentioned, not sure what you are looking for in those temp folders, but some tools listed can help you speed up the process.

http://www.opensourceforensics.org/tools/windows.html

Hope this helps.
Zaher
0
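Added example (not part of any post in this thread, and not code from the tools linked above): a read-only inventory of a backed-up Temp folder that records a SHA-256 per file, so later changes to the copy are detectable, and identifies each file by its leading bytes rather than its extension, since data parked in Temp is often named .tmp. The signature list and function names are choices made for this example; timestamps are whatever the backup preserved.

```python
import hashlib, os, sys
from datetime import datetime, timezone

# Leading bytes of formats worth a second look (list chosen for this example).
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2 (legacy Office doc/xls/ppt/msg)"),
    (b"PK\x03\x04", "zip (also docx/xlsx)"),
    (b"%PDF", "pdf"),
    (b"Rar!", "rar"),
    (b"MZ", "windows executable"),
]

def sniff(header):
    """Name the format from the file's first bytes, ignoring its extension."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return "other"

def inventory(root):
    """Read-only walk of a backup copy: one record per file, oldest mtime first."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                header = fh.read(8)          # longest signature is 8 bytes
                digest.update(header)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            st = os.stat(path)
            rows.append((st.st_mtime, {
                "path": os.path.relpath(path, root),
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": digest.hexdigest(),
                "type": sniff(header),
            }))
    return [row for _ts, row in sorted(rows, key=lambda t: t[0])]

def of_interest(rows):
    """Records whose content is a document, archive or executable."""
    return [r for r in rows if r["type"] != "other"]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."   # path to the backup copy
    for r in of_interest(inventory(root)):
        print(r["mtime"], r["sha256"][:16], r["size"], r["type"], r["path"], sep="\t")
```

Run it against the backup copy and keep the full output alongside it; re-running later and comparing the hashes shows whether anything in the copy has changed.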
 
rayluvs Author Commented:
Thanx to all!  We also don't know what we're supposed to be looking for, but the info provided has given us some insight on the matter.

We'll keep trying.

Thanx
0
 
johnb6767 Commented:
Actually, in some states it is illegal to try and do your own investigative work for use as evidence, unless you are a licensed PI.....
0
 
johnb6767 Commented:
And if you knew what you were looking for, I'm sure we would have better answers....
0
 
rayluvs Author Commented:
Thanx all
0
 
optoma Commented:
No prob :)
0
 
johnb6767 Commented:
I would have thought at least I would have had a split on this, as I did offer the most details on exactly what the actual question was, which I thought was what goes on in the TEMP folders.....
0
 
rayluvs Author Commented:
I reread your input and the info is related to what Temp is.  The question is directed to how to look and search in Temp.  The inputs awarded gave info on ways to look into Temp.

Sorry about that.
0
 
johnb6767 Commented:
That's what I was trying to do.... Explain what the folders are used for, so as to be able to know what's inside of them.... You were very vague in what you wanted, figured it would help if you knew what the folders did....

NP.....
0
 
rayluvs Author Commented:
Thanx johnb6767
0
Question has a verified solution.