Skip to content
Snippets Groups Projects
New look
Closed (moved) Windows Prefetch records the Tor Browser Bundle
  • View options

    • Windows Prefetch records the Tor Browser Bundle

  • View options
    • Closed (moved) Issue created by Runa Sandvik

    A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the Windows Prefetcher keeps records of the different Tor Browser Bundle applications:

    • C:\Windows\Prefetch\START TOR BROWSER.EXE-F5557FAC.pf
    • C:\Windows\Prefetch\TBB-FIREFOX.EXE-350502C5.pf
    • C:\Windows\Prefetch\TOR-BROWSER-2.3.25-6_EN-US.EX-1354A499.pf
    • C:\Windows\Prefetch\TOR.EXE-D7159D93.pf
    • C:\Windows\Prefetch\VIDALIA.EXE-5167E0BC.pf

    The following cache files are most likely similar to prefetch files and might contain traces of the Tor Browser Bundle:

    • C:\Users\runa\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    • C:\Users\runa\AppData\Local\Microsoft\Windows\Caches{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db
    • C:\Windows\AppCompat\Programs\RecentFileCache.bcf

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading