You spend some time surfing the web, close your browser, and clear your internet history. But is your history really deleted, and is there any way to find out what websites you visited? Read on to see several ways that your deleted browser history can be recovered.
Recovering Deleted Files
Your browser history is stored just like everything else on your computer, as a file (or collection of files). Clearing your browser history merely deletes these files from your hard drive. We’ve written a guide on recovering deleted files that can be used to also recover your browser cache; you just need to know where your browser cache is stored.
Internet Explorer: C:\Users\<username>\AppData\Local\Microsoft\Windows\History
Mozilla Firefox: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>
Google Chrome: C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default
In all of those directories, replace <username> with the name of the user whose history you wish to recover. Set your recovery software to scan those directories in order to recover history. If you try to browse to any of those folders, you may need to configure explorer to show hidden files.
Inspecting the DNS Cache
Your computer uses DNS servers to resolve hostnames to IP addresses, and these queries are temporarily stored in your DNS cache. When you clear your browser history, your DNS cache is not touched.
To see the list of cached website lookups for your system:
Open a command prompt by typing “cmd” into the start menu.
Then, issue this command:
ipconfig /displaydns
As you can see in the screenshot above, the DNS cache reveals that we have visited howtogeek.com recently. Now, there are a few big caveats to using this approach, so you can’t rely on it as catch-all method for viewing the sites you (or someone else) have visited.
First off, your browser is not the only thing that can cause a DNS lookup to be cached. Application updates, instant messenger, video games, and just about any program you can think of that connects to the internet is going to be using DNS to lookup hostnames. When that’s done, it’s added to the cache the same way it would be if the site were accessed by your browser. To see this in action, try pinging a website that you haven’t recently visited, and then looking at your DNS cache.
ping bing.com
Followed by:
ipconfig /displaydns
You’ll see bing.com (or whatever website you chose to ping) listed in the results, even though you haven’t actually visited that website.
The second drawback with this approach is that you’ll never know the specific pages you visited on any given website, just that you visited the website itself.
Clearing the DNS Cache
After seeing just how easy it is to inspect someone’s DNS cache, you’re probably wondering how to clear it. Anytime your computer is restarted, the cache will be cleared. Otherwise, you can run this command in the command prompt:
ipconfig /flushdns
Router Logs
Some routers give you the ability to log all incoming and outgoing traffic. Every brand of router is going to be different, but this setting will most likely be disabled by default. On Linksys routers, you can pull up the settings (192.168.1.1 in your browser), and navigate to Administration > Log.
Poke around your router settings or consult the manual to find out if yours has the option to log connections, and how to enable it.
Once enabled, you can view the log to see all established connections – you’ll want to filter by outgoing.
Every single connection to your router is going to be listed in this log, so there can be a ton of information (a lot of it irrelevant), and the log can grow very huge very fast. In this example, the router doesn’t resolve the IP addresses to hostnames. A quick search on the internet reveals that this IP address belongs to How-To Geek, so we can deduce that our computer has accessed that website.
What Doesn’t Work
There is a lot of misinformation circulating the internet about ways to recover your browsing history, and a lot of them sound convincing, so you may be inclined to believe them at first. We put a few of the most common methods to the test, and here’s what we found:
Using System Restore
Using three different browsers, we went to a few different websites, and then created a restore point. From there, we cleared the history and proceeded to perform a system restore, in hopes of recovering the history that we had just deleted.
No dice. The browsing history wasn’t recovered for any of the three major browsers we tested: Internet Explorer, Firefox, and Chrome. This is touted as the go-to method in the majority of websites and forums, but it was just a big waste of time when we tried it.
Index.dat Files
There are an abundance of guides that tell you to locate index.dat files and use third party software to open and view them. Index.dat files do indeed contain logs of websites visited, but they aren’t useful if the browsing history has been cleared.
The biggest problem is that modern browsers no longer use index.dat files; the last browser to use them was Internet Explorer 9. So, we ran some tests with Internet Explorer 9, just to see if this method was useful for someone who’s running outdated software. Using Index.dat Suite, we were able to recover some browsing history, but after clearing it, the data inside the index.dat file disappeared.
If you need to grab the browsing history off of a computer before it gets cleared, the index.dat file makes for a good repository of sites visited, but it’s useless if the history is cleared before you can get to it. If you want to investigate index.dat files for yourself, click the link above to download the necessary software, and click the “View History” icon to have the program automatically scan for index.dat files and list the sites your computer has visited.
Where else can my history be recovered from?
It’s worth remembering that your entire internet browsing history is stored somewhere, whether temporarily or permanently, and whether by your ISP, the government, or whoever else decides to cache your list of browsed sites.
Typically, a warrant for the information would be required to get your ISP to release the details. If you really want to maintain complete privacy in regards to what websites you use, check out our articles on Tor and using a VPN.
No comments:
Post a Comment