- Joined
- Aug 20, 2006
- Messages
- 13,000
Stylus or touchscreen-capable Windows PC owners who use handwriting gestures should know that all text files on their machines are likely being harvested in an unencrypted file called “WaitList.dat.” While worrisome, this is technically not a vulnerability, as the OS intentionally does this to improve handwriting recognition. "Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat.”
"On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.
"On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.