Does anyone have an NTUSER.DAT file that they could send me for testing that includes the following key (along with filled in values)
Software\Google\NavClient\1.1\History
I'd like to write a plugin for this…if you have such a hive file, I'd greatly appreciate a copy.
Thanks!
I checked quite a few machines (including a few personal laptops that are floating around) and they all have Software\Google\NavClient, but are not populated beyond that.
I see that it has to do with Google Toolbar search history, but do not see entries (and yes the computers do have the Google Toolbar). Even after crafting a unique search I do not find any Registry entries.
Is this an entry related to an older version of the Toolbar or a specific feature? I tried several ideas but none created the entries you are looking for. LMK if there is something in particular and I will send what I can.
A question about Internet search artifacts came up on the EnCase user's forum. A bit of politics ensued, and in the end, the OP said he'd found his answer in this key.
Do you have anything that goes beyond NavClient? It doesn't have to be version 1.1…any version will do. I'd just like to see what the artifacts look like…thanks.
I checked around on my stuff and could only go as deep as Software\Google\NavClient as well. Nothing beyond that.
Do you have anything that goes beyond NavClient?
Nothing. I even tried to add some of the entries I found in some Google searches to force an entry and then look for changes. Nothing. I also loaded the new Beta and there were no entries. I'll have to see if the WayBack machine has entries for an old version.
keydet, are you still looking for an ntuser.dat as outlined above? I have one that I think matches your needs.
Regards
Rob
Rob,
yeah, still looking…
can you send it to me at keydet89 at yahoo dot com?
JFYI
http//
Google toolbar installation notes
First off i install the application as suggested above with switched /q /d. Many of the setting for this application can be configured in the HKEY_CURRENT_USER\Software\Google part of the registry. Aside from these settings the autofill data and its checkbox enable option are stored in the a file "C\Documents and Settings\<USERNAME>\Local Settings\Application Data\Google\Autofill.dat" Configure the application and check or uncheck this option, copy this to all computer when you perform the installation(only if it should be unchecked or there is information you would like configured). Lastly go to all known sites that you do not want popup blocking to interfere. After you've maked all sites which should accept popups export the 2 reg keys
HKEY_CURRENT_USER\Software\Google\NavClient\1.1\whitelist\allow2 (list of permitted sites)
HKEY_CURRENT_USER\Software\Google\NavClient\1.1\whitelist\lastmod (some hash number based upon added sites)
Because of this hash number you are not able to simply edit the "allow2" list of accepted sites, if you do you MAY break your current list of accepted sites.
http//
http//
http//209.85.129.132/search?q=
(maybe useful) ?
jaclaz
jaclaz,
I'm unclear as to how any of those links pertain to the History subkey…but thanks.
Plugin completed.