# How to view Index.dat made from Chrome



## simr (May 13, 2013)

Hi, I downloaded *Index.dat analyzer* to view all accessed sites on my computer from all web browsers, but when I looked through all of the *index.dat* files with the program, I couldn't find any sites that I visit with Google Chrome. Based on my research, sites accessed via Google Chrome also get saved in *index.dat*, so why couldn't I see any of them in the files?

Another question I have is, why do the local files one accesses on his computer (Documents, videos, music, pictures, etc.) get saved to the web browser's history?

Thank you very much in advance!


----------



## downtime (Oct 21, 2002)

Chrome uses a SQLlite format, you won't find it in index.dat. I think history is a unified thing, for example, type a web address into your explorer address bar, or type a folder path into a browser. Regarding the DNS cache, it is likely the same thing. There are lots of other programs on your machine that connect to different addresses/sites. Read this, it pertains to connections other programs make. It will give you an idea of how many addresses you can connect to without any idea you are. http://coactlink.com/web-tracking/


----------



## simr (May 13, 2013)

Thanks downtime for your response!


downtime said:


> Chrome uses a SQLlite format


I know that Firefox uses SQLlite format thus it has files saved with the .sqlite extension in its profile folder (specificly "shccq94q.default" folder), including "places.sqlite" which is its history file. But I didn't know the Chrome also uses SQLlite format, since it doesn't have any files saved with the .sqlite extension like Firefox. And its history file is called "history".



downtime said:


> you won't find it in index.dat.


But I've seen in many places that Chrome does save its history to index.dat as well. Let me give you a few examples:
techpluto.com/how-to-get-back-the-deleted-history-in-google-chrome-2
setuix.com/recover-deleted-chrome-web-history
historyviewer.net/index.html



downtime said:


> I think history is a unified thing, for example, type a web address into your explorer address bar, or type a folder path into a browser.


That probably is the case, though I wonder why they mix the computer history and the web history together like that.


downtime said:


> Regarding the DNS cache, it is likely the same thing. There are lots of other programs on your machine that connect to different addresses/sites. Read this, it pertains to connections other programs make. It will give you an idea of how many addresses you can connect to without any idea you are. http://coactlink.com/web-tracking/


Thanks, that article was most informative.


----------



## downtime (Oct 21, 2002)

The program name suggests that Chrome uses the index.dat file, but that's not the case. The program was probably around and named before Chrome, and added the feature to see Chrome's history. Index.dat is the old IE's file. Now it's WebcacheV01.dat located in C:\Users\[your username]\AppData\Local\Microsoft\Windows\WebCache. 
In Chrome hit ctrl+h to see your history.


----------



## simr (May 13, 2013)

downtime said:


> The program name suggests that Chrome uses the index.dat file, but that's not the case.


Which program? Not sure what you mean.


downtime said:


> The program was probably around and named before Chrome, and added the feature to see Chrome's history.


If you can explain what you mean a little better, I'd appreciate it. Thanks.


downtime said:


> Index.dat is the old IE's file. Now it's WebcacheV01.dat located in C:\Users\[your username]\AppData\Local\Microsoft\Windows\WebCache.


I checked (with system files visible) for *WebcacheV01.dat* in *C:\Users\[your username]\AppData\Local\Microsoft\Windows\WebCache*, and in Vista there's no such file, rather I have the Index.dat files.


downtime said:


> In Chrome hit ctrl+h to see your history.


I know that. I want to have an easy way to view all accessed websites from all browsers on my computer. Especially when you keep in mind the silly way Chrome designed their history page (you have to keep on clicking "older" to go back, and only a few months worth of history available).


----------



## downtime (Oct 21, 2002)

In your links they're talking about a program, Index.dat analyzer. It was likely created and named before Chrome support was added. So even though it's called Index.dat analyzer, it also supports cleaning up other browsers and other versions of browsers that don't use index.dat. Since IE10 they use the new format, WebcacheV01.dat. Vista uses IE9, so it's still using index.dat. As far as seeing all the sites your machine visits, I don't know of a program that will track all connections besides netstat and that would just be a mess to read. I don't use Chrome, but most browsers have a setting for how long to retain history.


----------



## simr (May 13, 2013)

In these 2 links they claim that Microsoft saves Chrome's history in Index.dat and that the Analyzer can find those visited sites in the file.

techpluto.com/how-to-get-back-the-deleted-history-in-google-chrome-2
setuix.com/recover-deleted-chrome-web-history


----------



## simr (May 13, 2013)

Does anyone out there know with certainty whether Chrome's history gets saved in one of the Index.dat files?
If someone knows, I'd very much appreciate it if he can share his knowledge with me. Thanks!


----------



## simr (May 13, 2013)

Hi, I was wondering if *SQLite Database Browser * can be used to view Chrome's *history* file and the various *index* files and a few other ones in the *C:\Users\sim\AppData\Local\Google\Chrome\User Data\Default* folder and a few of its subfolders? And what aboout the *.sqlite* history files of Firefox?



simricht said:


> I want to have an easy way to view all accessed websites from all browsers on my computer. Especially when you keep in mind the silly way Chrome designed their history page (you have to keep on clicking "older" to go back, and only a few months worth of history available).


Also, what's the difference between *SQLite Database Browser* and *SQLite Database Browser Portable*?

Thank you!


----------



## Phantom010 (Mar 9, 2009)

Maybe Nirsoft's *ChromeHistoryView*?


----------



## simr (May 13, 2013)

Well I thank you for that.
Though I'm not sure if I'll actually download it due to the mixed reports I've received on that site from online URL scanners. You can see them here:
*avgthreatlabs*
*virustotal*
*urlvoid*.

What do you think about those URL reports?

Thank you, I really appreciate it!


----------



## Phantom010 (Mar 9, 2009)

I also use VirusTotal to download programs more safely. Look at the report. Only ParetoLogic out of 52 gives it a bad score. ParetoLogic has never really had a good reputation. When people from ESET or Kaspersky say it's safe, I'd tend to believe them. 1/52 is a very good score if you ask me.


----------



## simr (May 13, 2013)

Good point.

But what about these 2:
*avgthreatlabs* - "Potentially Active Malware!", "TYPES OF MALWARE FOUND 4"
*urlvoid* - 3/28

Thank again!


----------



## Phantom010 (Mar 9, 2009)

I've downloaded a whole bunch of programs from Nirsoft. They've all proven to be safe. Some of them, by their nature, can trigger false positives from some security programs. After downloading the installer to your computer, you can scan it again with your own antivirus before installing. It'll be an extra layer of protection.


----------



## simr (May 13, 2013)

Have you downloaded anything from them lately?

Is it possible that they were compromised only recently?


----------



## hewee (Oct 26, 2001)

Been using programs from Nirsoft for years and they are safe. Also no install is needed on most of them so that is great. They have a whole lot of great programs too.


----------



## Phantom010 (Mar 9, 2009)

Just downloaded *ChromeHistoryView* to my computer a few minutes ago and scanned it with ESET's NOD32 and Malwarebytes' Anti-Malware. It's clean.


----------



## simr (May 13, 2013)

Okay, you have me convinced.
I just wanna get your interpretation on this.


----------



## Phantom010 (Mar 9, 2009)

AVG flags it as "potentially" active malware. On the same page, users have rated Nirsoft 85% positive. It's one of the very few scanners that have actually found it to be a threat. I wouldn't worry about it.


----------



## Phantom010 (Mar 9, 2009)

*WOT* gives Nirsoft an excellent rating as well.

Read the comments. They may explain why some security programs can flag Nirsoft.


----------



## simr (May 13, 2013)

Thank you Phantom010.

Though I'm also curious as to what you think of *SQLite Database Browser* (and the portable version) for Firefox.


----------



## Phantom010 (Mar 9, 2009)

I don't have much to say about it. It may be more complicated than what you really need. Or will it really show you what you want? Only way to find out is to try it.


----------



## simr (May 13, 2013)

All I want is a easy way to view the history from all browsers together, and Chrome makes it really difficult to view older history.

One more thing, what's the difference between the portable and non portable version of SQLite Database Browser? Is it that the portable one doesn't need to install, just to run? If that's the case, then what's the need for the other one if the portable is faster and more convenient?


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> One more thing, what's the difference between the portable and non portable version of SQLite Database Browser? Is it that the portable one doesn't need to install, just to run? If that's the case, then what's the need for the other one if the portable is faster and more convenient?


http://portableapps.com/about/what_is_a_portable_app


----------



## simr (May 13, 2013)

simricht said:


> ...If that's the case, then what's the need for the other one if the portable is faster and more convenient?


----------



## Phantom010 (Mar 9, 2009)

On the contrary, speed can be an issue with strickly portable apps. But, it can also be negligeable.

For Pros and Cons on portable apps, read:

http://lifehacker.com/5890856/kick-...-considerably-more-awesome-windows-experience


----------



## simr (May 13, 2013)

Thank you!


----------



## hewee (Oct 26, 2001)

Nirsoft has programs that may show up clean but again once downloaded and used will have your AV or Malware come up because what those programs do. Like the ones to scan for passwords will make most scanners warn you. 
Thing is you know you got a program from a safe site. I have a whole lot of the Nirsoft and love them all.


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> Thank you!


You're welcome!


----------



## simr (May 13, 2013)

Phantom010 said:


> You're welcome!


:up:

And thank you hewee as well, I appreciate it. Tell your avatar that I waved back!


----------



## hewee (Oct 26, 2001)

simricht said:


> :up:
> 
> And thank you hewee as well, I appreciate it. Tell your avatar that I waved back!


You're welcome. The head on the avatar is me so thank you.


----------



## simr (May 13, 2013)

Well then, hi there hewee.


----------



## Phantom010 (Mar 9, 2009)

Hi simricht,

Have you had time to try *ChromeHistoryView *yet? Is it showing you what you need?


----------



## simr (May 13, 2013)

Haven't gotten to it yet, but I definitely plan on it in the next few days. Can let you know if you wish.


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> Haven't gotten to it yet, but I definitely plan on it in the near future. Can let you know if you wish.


Many applications from Nirsoft are ridiculously easy to use. Most do not require any installation, as it's the case for *ChromeHistoryView*. There's only an executable file to run and that's it. So, no junk gets stored of forgotten in the registry.


----------



## hewee (Oct 26, 2001)

simricht said:


> Well then, hi there hewee.


Hi back at you.


----------



## simr (May 13, 2013)

hewee said:


> Hi back at you.


----------



## simr (May 13, 2013)

Phantom010 said:


> Hi simricht,
> 
> Have you had time to try *ChromeHistoryView *yet? Is it showing you what you need?


I tried it and it's very good, I can view all the history of the last 3 months in one long list, without having to press "older" and "newer" the whole time like you have to in Chrome's history page, so that's good. I'm disappointed that you can't go back more than 3 months, but I guess that's Chrome's fault for not saving history that's older than that.

I just hope I didn't download and bring any sneaky bad stuff onto my computer, in light of the mixed URL reports I showed above.


----------



## simr (May 13, 2013)

I browsed *Nirsoft* and downloaded *WinLogOnView*. I was wondering what is the *::1* Network Address? Also, what are those LogOn IDs, and those weird numbers, are they generic or somehow private and exclusive to the spicific computer?

Thank you Phantom010, I really appreciate it!


----------



## Phantom010 (Mar 9, 2009)

Those Network Addresses are the localhost, meaning your computer. It is a hostname that the computer's software and users may employ to access the computer's own network services via its loopback network interface:

*127.0.0.1* is related to the IPv4 protocol.

*::1* is related to the IPv6 protocol.

As for the Logon ID in the event log, it's basically a logon session ID on the local computer. This will allow you to find the user SID (User's Security Identifier), authentication package, logon type, logon server, and when the user logged on and the processes running in that logon session.

More info *HERE*.


----------



## simr (May 13, 2013)

But I have a whole list with hundreds of Log Ons with the normal *127.0.0.1* address which is the computer itself, and only 4 entries in the whole list with the *::1* address, why would that be?

Thank you!


----------



## Phantom010 (Mar 9, 2009)

Maybe that depends on the processes running at that time. IPv6 could have been used in particular situations because the IPv6 protocol is known to be more secure than IPv4. However, if your network enables IPv6 by default but your firewall doesn&#8217;t, which may be the case for many, we&#8217;ll inevitably see more abuse for malicious ends.

I'm on XP and IPv6 is not enabled. 

The Internet is running out of new IP addresses to use with the IPv4 protocol. IPv6 is the next logical step, but you, your Internet Service Provider, your router, your firewall need to be ready for it. And, a lot of them aren't ready yet.

IPv6 is enabled by default on Vista and Windows 7. Some argue that it's not a good idea, some say it is.


----------



## simr (May 13, 2013)

Why wouldn't it be a good idea if it's more secure.
Also, how do I know whether I have it or not? I have a Vista.


----------



## Phantom010 (Mar 9, 2009)

Go *HERE*.


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> Why wouldn't it be a good idea if it's more secure.


For the reasons above.



> if your network enables IPv6 by default but your firewall doesnt, which may be the case for many, well inevitably see more abuse for malicious ends.





> your Internet Service Provider, your router, your firewall need to be ready for it. And, a lot of them aren't ready yet.


----------



## Phantom010 (Mar 9, 2009)

For some ISP's, IPv6 is still in the Beta testing stage.


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> Why wouldn't it be a good idea if it's more secure.


It's "ideally" more secure. Many are still not ready for IPv6.


----------



## simr (May 13, 2013)

Phantom010 said:


> Go *HERE*.


Did it and the site said *"No IPv6 address detected"*.
Which makes me wonder what the *::1* addresses are.


----------



## Phantom010 (Mar 9, 2009)

They are related to IPv6.

What's your operating system?


----------



## simr (May 13, 2013)

Phantom010 said:


> What's your operating system?


Vista

I don't understand something, this is a computer log on, what does it have to do with the internet anyway? Why does a Network Address have anything to do with this?


----------



## Phantom010 (Mar 9, 2009)

When logging onto your computer, all services are enabled, including the Internet...

Go to Network Connections folder (click on Start button, then right-click on Network, select Properties, then click on "Manager network connections" on Tasks pane).

Is the following box checked?


----------



## simr (May 13, 2013)

Phantom010 said:


> When logging onto your computer, all services are enabled, including the Internet...


But there isn't a column for all the services that are enabled. There is however a column for the Network Address, which means there's some connection between the network and Log on, and my question is what?



Phantom010 said:


> Is the following box checked?


It is checked by me.


----------



## Phantom010 (Mar 9, 2009)

If IPv6 is checked, and the site says there's no IPv6, it's probably not enabled in your router settings.


----------



## simr (May 13, 2013)

Phantom010 said:


> If IPv6 is checked, and the site says there's no IPv6, it's probably not enabled in your router settings.


Which begs the question why I have a few *::1* addresses.



simricht said:


> But there isn't a column for all the services that are enabled. There is however a column for the Network Address, which means there's some connection between the network and Log on, and my question is what?


What indeed?


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> Which begs the question why I have a few *::1* addresses.


Maybe because IPv6 is enabled on your Vista computer.



simricht said:


> What indeed?


I think you're asking questions I cannot fully answer. You might try asking Nirsoft directly, assuming they do answer... They'll be much more qualified than I am to answer questions about their own apps.

http://www.nirsoft.net/contact-new.html


----------



## simr (May 13, 2013)

Phantom010 said:


> Maybe because IPv6 is enabled on your Vista computer.


But the router doesn't have it enabled?



Phantom010 said:


> I think you're asking questions I cannot fully answer. You might try asking Nirsoft directly...


It doesn't have to do with Nirsoft, since if you look in the Logons in the Event Viewer it also shows the network addresses such as 127.0.0.1, so Nirsoft is just doing the same thing, so it's really a question about the computer itself and its methods and not about Nirsoft.


----------



## Phantom010 (Mar 9, 2009)

simricht said:


> But the router doesn't have it enabled?


That's for you to check.



simricht said:


> It doesn't have to do with Nirsoft, since if you look in the Logons in the Event Viewer it also shows the network addresses such as 127.0.0.1, so Nirsoft is just doing the same thing, so it's really a question about the computer itself and its methods and not about Nirsoft.


Like I said, it's part of the computer logon process. It simply says where the user was when he logged on. Of course, if logon is initiated from the same computer, this information will reflect the same local computer (127.0.0.1 or ::1), and not from a remote computer.


----------



## simr (May 13, 2013)

Okay, thank you Phantom010!


----------

