TotalRecall

Category
Utilities
Access Control Utilities

Review

A personal computer keeps a lot of information about a user's activity, usually without the user knowing it exists. TotalRecall is a free forensic analysis tool that reconstructs Microsoft Internet Explorer (MS IE) activity and some of the user's activity on the computer.

IE caches the URLs that users visit and stores its Internet activity in index.dat files. These are binary database files, a file type Microsoft uses to store several different sets of information, including user data, Internet cookies, and Internet history. They are scattered throughout the users' profile folders. Because browser activity files are in binary form, special tools are required to read them.

The program currently examines IE activity, IE history, IE cookies, IE favorites, and user activity (recent files and folders, and temporary files that have not been erased). After processing, the information from each source is loaded into the appropriate table (all information for the current user can be filled in automatically).

Double-clicking a selected line of a table opens the file in the program associated with it. When you select an image in a table, its thumbnail is shown in the bottom right corner, so you can preview pictures with the built-in viewer. Any table can be sorted by columns in any order. The Find command locates the table row containing an occurrence of the search string. The table context menu provides quick access to useful commands (Open, Open with…, Open Folder, Copy/Move to…, etc.). The contents of any table can be exported to an .XML or a .TXT file. Data can be collected for all tables or only for some, depending on the criteria set.

The program detects the language of your Windows installation, sets the working language from the corresponding language file (if one exists), and makes it the default.

