- You are here:
- Home »
- Blog »
- Computer Technician Tools »
- IEHistoryView – View Internet Explorer History
IEHistoryView – View Internet Explorer History
IEHistoryView is a small, freeware and portable tool that displays the Internet Explorer history on a users computer. The application will show you the URL of the site the user has visited, the title of the website, how many times they went there and the last time they visited that site. It also allows you to remove specific entries from the history and export the history to a text, HTML or XML file. It also supports command line options for all you scripters out there.
So how could this be used by us Technicians and who uses Internet Explorer anymore?
Internet Explorer is still heavily used in corporate environments and many residential clients don’t even know there are alternatives to Internet Explorer. As for the usage of this application, many technicians on the Technibble forums have been asked by the owner of a business to look at what sites the employees has been visiting on company machines.
Other Technicians have used it to show certain customers that they are still visiting dangerous websites when they keep reinfecting their computer and accuse the technician of not cleaning it properly the last time.
Screenshots:
Downloads:
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
We use this occasionally in IT at work if a supervisor asks us to check a specific user’s history… it is easier than approaching them at their desk and snooping. The Internet filter is good, but it only provides URL, Time, & IP address.
With IEHV:
\\computername\c$\Documents and Settings\username\LocalSettings\History
Typically, really bad stuff is a pain to track down… I have to check DHCP to see if that lease is still valid for that time-frame (or it could be a different computer assigned that IP), then look at a chart to figure out what site, logon to that site’s MDF switch then ping the IP address and do a “show arp” to get the MAC address… if the MAC address is on a port where media type is SX (Fiber) then that means the computer in question is on a different switch connected to the one I am on… “show cdp/lldp/lacp neighbors” depending enumerates how the switches are connected. Once I have the port the offending computer/user are connected to I can sniff traffic for just that port via configuring the switch to mirror that port for logging or compare it with the patch panel to find out who’s office.
Kind of a pain.
Another very handy tool in this vein is Pasco (google Pasco+foundstone) – converts index.dat file(s) into text file(s).
Great tool and I like your suggestion to use it to educate users. I have done this several times and initially used it when a client disputed a bill for removing viruses from the same computer twice in 3 days. I had dumped the history and showed it to him. He paid the bill.
Great tool for those residential customer that wonder how their teen’s computer gets so messed up :) “Do you know where your children are?” I’m writing an ebook for parents about cyber-safety. Good tool to reference. Thanks
Ahh…I see theirs a similar utility for Firefox on the download site. Perfect.
can we still be able to track IE history if we use cleaning tools such as ccleaner, tuneup utilities?
@paulcrousel: It depends if the tool specifically clears the index.dat files as far as IE is concerned. The cache, cookies & history files etc can be removed without doing so which still leaves the index.dat file(s) behind.That still contains URLs and local file access records too. There is no such equivalent with other non MS browsers so clearing history from those does exactly that.As far as I’m aware anyway.
I am soooo having fun with this at work. Here’s an interesting story and pseudo thread hijack…
A low level executive in the company told me there were complaints about a supervisor who was showing inappropriate content to other employees via personal web mail. I was asked to see if I could track it.
In going through all of the web logs for all of the employees (I don’t want to profile) I noticed one IP was spending an inordinate amount of time on craigslist.com. Closer inspection showed this employee was checking craigslist from first thing, till lunch, -for prostitutes-, and then after lunch was checking various free porn sites.
There was so much porn surfing I thought it was some sort of click through virus or dialer type trojan. How could someone have this much time to surf porn? Later a virus scan proved there was no such infection.
Got him I thought to myself. I pared the logs down for this particular IP, for an entire week, and the trend was obvious. Hookers in the morning – free porn after lunch.
Double checking the IP before I go pointing fingers, I find it’s an upper level executive, and a good friend of the big boss!
What do I do? Do I risk telling the big boss his buddy is surfing porn on the company dime, and hope the boss doesn’t laugh it off and immediately forgive his buddy? Leaving me with an exec level enemy?
Do I do nothing?
Do I keep the information to myself and send it to the guy in a manila envelope with magazine cutout letters giving directions for a money drop or his wife finds out about his computer habits?
I still have my job and the logs from this guys surfing habits. I’m rather proud of the way I handled it, but sadly no richer :(
Here’s what I did.
I sent him an email and said that I’ve had complaints about some employees in another dept misusing Internet, and that I would be monitoring all Internet activity (so as not to profile), starting next Monday. I closed with the standard “Please don’t hesitate to call me with any questions.”
The next day his Internet habits cleaned up dramatically. For curiosity I would check him every so often and he was never a bad boy again.
The end.
I was charged with the unfortunate task of obtaining proof that an employee was “misusing” a computer during work hours.
I tried IEHistoryView, but it would show the time I ran the program as the last visited time. That, of course, was not helpful. I ended up going to the history, and screen capping the contents of every domain. 78 pages later, my brain needed a bath.
On the bright side, the history did contain an entry for My Computer, which was kind enough to have the exe of the fake AV infecting the system. I just wish I thought to make a copy before deleting it, as it was not picked up by SUPER or MalwareBytes.