What to look for in TEMP folder in Windows XP

We had a situation in our office and we need to know what happened.  All PC has been backed up, My Documents, Outlook and the TEMP folder within the hidden Local Settings folder.

We would like to know if any EE can provide info on what to look for in this folder since it has a lot of junk data.

Any advice is great;y appreciated.
rayluvsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

houssam_balloutCommented:
it seems that you profile had been corrupted, so when you tried to login with your profile, it told you that you will be logged in with a temp account.

Try to create a new user profile and copy the data from TEMP to the new one.

0
burmzorzCommented:
I personally would not back up the temp folder as most of what is in there is junk. It is files that you open rather than download. It saves them in there. Any places you may go or files that may be opened on the machine. Quite a few things go in the temp folder and are deleted very quickly. To have a backup of this is not necessary and just takes up space.
0
rayluvsAuthor Commented:
I understand that a lot of things goes into the folder, and backing that folder doesn't make sense, but what we want is some insight of searching within that folder in order to help us look for the culprit of the problem we face ion our office.  EE has helped us a lot in many aspect of our technology, I figure maybe EE has experience in this area also, so any help is welcome.

houssam_ballout,

I don't have a problem with profile, its the folder TEMP that every user has within the Local Settings hidden folder.

0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

burmzorzCommented:
I misunderstood the question. I'm not sure how to look through the files within that folder.
0
optomaCommented:
Im not sure what you will achieve looking through the temp folder.
Any possibility on elaborating the "situation"?

If its regarding internet "situation" do you have these folders:
\Local Settings\Temporary Internet Files
and
\Local Settings\Temporary Internet Files\Content.IE5
0
rayluvsAuthor Commented:
I can't elaborate too much, but some important information has been taken outside the office and the administration has gone haywire on this.

Its regarding:

\Local Settings\Temporary Internet Files
\Local Settings\Temporary Internet Files\Content.IE5
\Local Settings\Temp

We are currently reviewing these area for any possible link to docs, webpage, etc.  It's just we were curios if EE has advice on this type of issues.



0
optomaCommented:
Look for the index.dat files and use superwinspy to view whats in them regarding websites visited
http://www.acesoft.net/download.htm#winspy

Checking the firewall logs may also help.

Never had to do anything like that but would start with viewing the dat files.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
johnb6767Commented:
"\Local Settings\Temporary Internet Files"

Shell folder for your cache. Path is mandated by the following reg key in the profile.....

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Value=Cache
Shortcut to it is start>run>shell:cache

It is a summary of Cookies, and Temp Internet Files from thier respective locations below.....

%userprofile%\Cookies
Shell:cache\Content.ie5

\Local Settings\Temp
Shortcut to it is %temp%%tmp%. Apps use it as a location to unpack setup files for a new program being installed. Windows uses it to store log files, and performance counter data. And of course viruses use it to play around in......

99 times out of 100 the contents can be ddeleted, until you come across someone that deliberately was storing data there. Not often, but it has happened....

\Local Settings\Temporary Internet Files\Content.IE5
This is a SuperHidden folder that is not visible in the currently logged in user's profile, without modifying the desktop.ini in the "Temporary Internet Files". It can however be accessed in teh current profile by typing it in manually..... This is where a website's GIFs/HTML/ASPX/JPEGS get cached for faster viewing of websites.....

:-)


0
johnb6767Commented:
"I can't elaborate too much, but some important information has been taken outside the office and the administration has gone haywire on this."

Not really sure what info you would gain from these 3 folders regarding this though......
0
ZahersyedCommented:
IF protection of evidence is critical  you should maintain original integrity of data by taking an image. Its too late in this case , but you can use the below opensource forensic tools in the future. As John mentioned, not sure what you are looking for in those temp folders  but some tools listed can help you speed up the process.

http://www.opensourceforensics.org/tools/windows.html

hope this helps.
Zaher
0
rayluvsAuthor Commented:
Thanx to all!  We also don't know what we're supposed to be looking for, but the info provided as given us some insight on the matter.

We'll keep trying.

Thanx
0
johnb6767Commented:
Actually some states it is illegal to try and do your own investigative work for use as evidence, unless you are a licensed PI.....
0
johnb6767Commented:
And if you knew what you were looking for, im sure we would have better answers....
0
rayluvsAuthor Commented:
Thanx all
0
optomaCommented:
No prob :)
0
johnb6767Commented:
I would have thought at least I would have had a split on this, as I did offer the most details on exactly what the actual question was, which I thought was what goes on in the TEMP folders.....
0
rayluvsAuthor Commented:
I reread your input and the info is related to what Temp is.  The question is directed to how to look and search in Temp.  The inputs awarded gave info on ways to look into Temp.

Sorry about that.
0
johnb6767Commented:
Thats what I was trying to do.... Explain what the folders are used for, so as to be able to know whats inside of them.... You were very vague in what you wanted, figured it would help if you knew what the folders did....

NP.....
0
rayluvsAuthor Commented:
Thanx johnb6767
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.