Hello there.

I am a Forensic IT Investigator, and I have ran an experiment with various wiping tools that are commonly available. I set CCleaner to wipe 3 times. I then examined the test HDD using Encase V6.14

While CCleaner correctly wiped the files in the Temp Internet folder (as well as overwriting the relevant MFT entries), it did not touch the index.dat at all. All of the history entries could easily be seen, the file was completely intact.

Can you pease provide an explanation?

The test system O/S is the latest Windows 7 RC.

After a reboot of the machine the dat should be clean

ccleaner marks the dat for deletion at reboot

wow o wow Glad to hear from a FITS that they approve of other parts of the program

Also windows 7 is in testing for a little longer with the devs of CCLeaner (Starting with ie8 dat.s are everywhere and so it seems to be a bit harder to track them and clean them when asked for and not clean them when not)

(BTW I'm just a user not a team member or developer)

After a reboot of the machine the dat should be clean

ccleaner marks the dat for deletion at reboot

wow o wow Glad to hear from a FITS that they approve of other parts of the program

Also windows 7 is in testing for a little longer with the devs of CCLeaner (Starting with ie8 dat.s are everywhere and so it seems to be a bit harder to track them and clean them when asked for and not clean them when not)

(BTW I'm just a user not a team member or developer)

That's interesting. I'll try it and report back.

Credit where credit is due - so far it does exactly what it says on the tin.

Forensic IT Investigator that does not know indext.dat are always open when Windows is running. Hence why they cant be deleted. which is why ccleaner should be run at startup.

Forensic IT Investigator that does not know indext.dat are always open when Windows is running. Hence why they cant be deleted. which is why ccleaner should be run at startup.

So we are supposed to know everything about everything?

How about you lose your attitude problem? The other forum manner made the situation clear without being rude. Perhaps try that next time.

I didn't mean to come across as offensive. It's the internet and how we say(type things) can not always be put into context. So for that i'm sorry.

I just found it midly amusing that you being a IT Investigator that you didn't investigate what the file was.

Hello The Mad Rapper

Welcome to the forum by the way.

Let us know how things go won't you?

I'm sure member Nergal would be more than pleased to answer any of your queries

Hi, The Mad Rapper. Welcome

I would be interested to learn if the index.dat was wiped after the reboot. I did the same experiment a long time ago w/ Win XP and it was wiped. Takes a long time to check that out thoroughly, so I would like to hear what you found out.

By the way check out sdelete from sysinternals...it fills your free space with ZZZZZs.

By the way too, I don't think anyone intended to be rude. Nobody here usually is.

By the way too, I don't think anyone intended to be rude. Nobody here usually is.

I really didn't, I guess me sense of humour isn't every ones.

There is a fundamental error here.

Perhaps it is me, but I think it is every-one else that is not marching in step ! ! !

But I am willing to continue learning.

Is every one agreed on the definition of "Wipe files" ?

To me that implies use of Options -> Settings -> Secure File Deletion, using 1, 3, 7, or 35 passes.

I have always understood that index.dat could not be purged under Windows,

and that all CCleaner could do was "mark it for deletion".

I also assumed that this "mark" told the O.S. at next start-up to delete the file,

after which a new empty file is automatically created.

Question.

Now that CCleaner can do a 35 pass wipe,

does Windows also honour that requirement when deleting Index.dat ?

And if so how ?

Regards

Alan

You're right Alan, that is how I understand CC 'cleans' index.dat files. But then again CC has never claimed to be a forensic cleaner, and more fool they who think so. Well, I suppose it keeps them happy.

CCleaner should be able to mark and MOVE the file to another location on disk, on reboot, and then after the move it can multi-pass wipe it.

Alan thats a great insight, and something simular to what i have always wondered about browsers ability to actually clear history. Does it actually wipe the history or delete normal just to satisfy the user???

Moral of the story is. dont use IE

CCleaner should be able to mark and MOVE the file to another location on disk, on reboot, and then after the move it can multi-pass wipe it.

YEAH....what he said!! So the question, back at The Mad Rapper, is "did it do it"?