Temporary Internet Files
|This article does not cite any sources. (December 2010)|
Temporary Internet Files is a folder on Microsoft Windows which serves as the browser cache for Internet Explorer to cache pages and other multimedia content, such as video and audio files, from websites visited by the user. This allows such websites to load more quickly the next time they are visited.
Despite the name 'temporary', the cache of a website remains stored on the hard disk until the user manually clears the cache, the cache expires or if the cache is full. This is often regarded as a privacy issue  , because anyone with access to the computer can view the cache. The contents of the folder are indexed using an index.dat file, a form of database.
The Temporary Internet Files cache can be useful in certain situations. For example, if no Internet connection is available, previously cached websites are still available offline. Certain online media files (such as embedded Flash movies) are not easily accessed directly through Internet Explorer, but are automatically saved into the cache after viewing them. Depending on the type of website and how often it is updated, the cached data may not reflect the online version of the website. The cache is also useful for police to collect forensic evidence.
The cache can be cleared by using Internet Options within the Internet Explorer interface, but this method is subject to deletion privacy issues. Many alternative tools exist to erase the data instead.
On Windows XP, the cache is usually located at %USERPROFILE%\Local Settings\Temporary Internet Files (where %USERPROFILE% is an environment variable pointing to the root directory of the logged-in user's user profile). However, the cache may be moved by changing a value in the registry. Occasionally an additional (hidden) cache named "Temporary Internet Files" may appear in %USERPROFILE%\Local Settings\Temp\Temporary Internet Files or in %USERPROFILE%\Local Settings\Temporary Internet Files. This location can only be deleted by manually accessing the folder and removing it.
One scenario that often (albeit not always) leads to the occurrence of this phenomenon proceeds as follows: 1. Malware: 2. Spyware: This is an aid that gathers 3
- User A runs Internet Explorer from his own account, but under the credentials of user B. This is achieved by using the runas command, e.g. runas /user:B iexplore.exe. The functionality of runas is provided and supported by Windows XP Secondary Logon service.
- User A quits Internet Explorer and logs out of his account. However, due to a bug in Windows XP, the svchost.exe process that hosts the Secondary Logon service retains the ownership of critical Internet Explorer data files belonging to user B and located in B's profile directories (for example, index.dat file located in %USERPROFILE%\Local Settings\Temp\Temporary Internet Files\Content.IE5 directory). For this reason these files remain inaccessible for writing.
- User B logs into his account and runs Internet Explorer. Internet Explorer is unable to obtain write access to the aforementioned files, which makes it quietly recreate the supporting directories under the current %TEMP% location as a fail-safe measure. The data from the original directories is not copied to the new ones. Internet Explorer will continue to use the directories under %TEMP% until the files at the original location become writable again.
The only known way to release the lock on the aforementioned files is to reboot the OS. One can also kill the offending instance of svchost.exe, thus releasing the lock, but this normally renders the machine unusable, since it also terminates all the services hosted by the same instance of svchost.exe.
Also, the Windows Webclient (MRxDAV) is, however, known to create temporary copies of downloaded files under C:\Documents and settings\LocalService\Temp\Temporary Internet Files\Content.IE5.
On Windows Vista, the cache for Internet Explorer 7 is usually located at %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 where %LOCALAPPDATA% is an environment variable pointing to %USERPROFILE%\AppData\Local (note that the checkbox for 'Hide protected operating system files' under 'Folder Options' must be unchecked and the 'Show hidden files and folders' option enabled for the files to be visible in Windows Explorer). For all other Trident-based applications, the cache is located at %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files. Like on Windows XP, the location of the cache can be changed by moving the folder location in Internet Explorer or by changing a value in the registry.