Hello muhmuh21,
Thank you for your question. I will answer in the order the parts of
your question was asked:
1) Does a downloaded xxx.dat/xxx.txt etc file contain information
about its source or who downloaded it in a header?
Answer: No
There is information "generally" available from files that contain
author and version information. Assuming you are using a Windows
operating system computer, go to the c:\windows directory and choose
almost any .exe file. RIGHT click on it and choose properties. Here
and particularly on the Version tab, you may find the author, version,
alternate name and other pertinent information that may or may not
have value for you.
You will not find this information on all types of files but most
often on programs (.exe) and Dynamic Link Libraries (.dll). Text
files, image files and the like generally contain only their creation
and modification dates and the size of the file in the properties.
There are exceptions to these generalities. Documents created in
Microsoft Word often have the name of the creator embedded in the
header information of the document, for example.
However, there is no indication of where the file was obtained or who
obtained the file.
2) Does the downloading computer/server/system etc leave information
in a file header/packet that identifies the downloader?
Answer: In the file itself - no. But can it track who downloaded the
file? Yes.
Whenever you make a connection to another computer, your computer is
identified by an IP address. Some computers, such as some that have
high speed access such as DSL or Cable modems have fixed IP addresses,
i.e., addresses that never change and are always linked to a
particular computer. Most users of dial-up Internet services have
dynamically assigned IP addresses that change each time a new call is
established.
Records are kept at the Service Provider as to which user is assigned
what IP address at what times so that it is always traceable that your
computer was online at the particular times it is actually connected
to the Internet. Many, if not most web sites keep logs of files that
are downloaded and log this information by IP address. By looking up
this information with a "Whois" utility, they can either identify you
if your IP address is fixed, or your Internet Service Provider as the
owner of the IP address. By coordinating this information with the
logs kept by your Internet Service Provider (ISP), it "can" be
determined which computer downloaded a particular file at a particular
time. One would then need to know who was the operator of that
computer at that point in time to complete the puzzle.
Additionally, many web sites place "cookies" on your computer. Cookies
are small text file usually stored in Temporary Internet Files folders
and contain a possible variety of information including what pages you
might have visited so that you can see what is new since your last
visit, or even what items you have placed into an electronic shopping
cart to track your order as you shop. Cookies can identify your
viewing and downloading experiences in some cases.
For further reading on these topics, you might search IP Address,
Cookies and Whois. For example:
Webopedia's IP Address Tutorial
http://www.webopedia.com/TERM/I/IP_address.html
Whois - ARIN Whois Database
http://www.arin.net/whois/index.html
How Web Servers' Cookies Threaten Your Privacy
http://www.junkbusters.com/cookies.html
You will find many, many pages of information on these subjects.
The page mentioned on Cookies above gives you very good information
about what might be learned about you just from visiting a web site:
"...What your browser tells them
Your browser is probably revealing more than you might want: which
computer you are coming from, what software and hardware you are
using, details of the link you clicked on, and possibly even your
email address. For specifics on your browser click on our
demonstration page.
If your ISP is running an identd demon, or if you leave certain IRC
clients running while you surf, servers can ask for your identity at
the time your browser requests a page. Try our test to see whether
this is happening to you. Some firewalls (rightly) block these
requests, so if the browser goes silent just interrupt the transfer
request with the stop button. If you're running an IRC client you may
find the disclosure stops when you turn it off; see instructions
below.
How they can find out who you are
All they may need is your email address because various databases let
them look up your name and address from it.
People often type their email or postal address into forms, when
registering at a site or requesting information.
Some browsers that include a mail handler disclose the user's email
address in certain situations, such as when requesting a file by FTP,
which you can do simply by clicking on a link that happens to begin
ftp: rather than http. You can tell your browser not to do this.
Cookies tell them it's you every time you click
Many organizations use ``cookies'' to track your every move on their
site. A cookie is a unique identifier that a web server places on your
computer: a serial number for you personally that can be used to
retrieve your records from their databases. It's usually a string of
random-looking letters long enough to be unique. They are kept in a
file called cookies or cookies.txt or MagicCookie in your browser
directory/folder. They are also known as ``persistent cookies''
because they may last for years, even if you change ISP or upgrade
your browser..."
3) Are there absolute date/time stamps placed into the file, or is
purely relative to the setting on the downloading (saving) computer?
Answer: Sometimes both.
In general, and executable file (exe) will contain the following:
Date Created
Date Modified
Date Accessed
The created date should be the actual date the file was compiled by
the author. The modified and accessed dates will be relative to the
date and time set on your computer.
This information should be contained in virtually every file
regardless of type, however the create date of a text file (.txt)
written on your machine, for example , will be based on the date and
time of your computer and whether it is set accurately or not. Of
course, if you downloaded this text file, the create date would be the
date and time the author created the file.
There ARE utilities to edit and change dates and time, but they are
well beyond the scope of this answer.
4) If saved to a floppy - could information about the saving computer
be found on the floppy?
Answer: No.
There is no identifier that will determine which computer saved a file
to a floppy disc.
There is often quite a bit of other "hidden" information in files that
can be read with programs such as hex editors or even text editors. If
you care to experiment, you can download free or trial hex editors
from CNET or ZDNET or other shareware sites. Do be careful as changing
even one hidden character in a file can cause it to lose all
functionality. Always experiment on a copy of anything you wish to
keep.
You can also send files such as dll's to notepad (or wordpad if the
file is larger than 64K) and see information contained in the file in
plain text interspersed among the unreadable code.
But these bits of information do not pertain to the answers to your
questions above.
I trust my research will answer your questions about the traceability
of downloaded files. If a link above should fail to work or my
research require further explanation, please do post a Request for
Clarification.
Regards,
-=clouseau=- |
