History of Windows folders

Computer forensics specialists and ordinary users may be faced with a situation in which it is necessary to find out when and which folders were opened on a computer in the Windows operating system. In this article, I will show you how to find out which folders were opened, which ones were deleted, and, if necessary, how to cover yourself by deleting the history of open and deleted folders.

Recently opened folders in Windows

The Windows operating system is focused on providing the user with optimal ease-of-use features. Within the framework of these OS standards, the system provides an automatic ability to memorize the position and size of an open window. Thus, if the user closes the explorer window and reopens it, it will appear in the same place. This is a useful Windows feature, but it can also be useful for forensics professionals to view the last open Windows folders.

This can be done manually by poking around in the registry or with the help of professional computer forensic programs such as FTK or EnCase, which are very difficult for the average PC user. But there is also an easier way to view the history of open folders in Windows – using the small and easy-to-understand programs, which will be discussed below.

Recently opened folders on Windows with ShellBagsView

ShellBagsView is a small free utility from the renowned developer NirSoft that can extract data from ShellBags and display the last visited Windows folders. The program has a simple interface and works with all Windows versions.

ShellBagsView is very easy to use. Here are the basic steps:

1. Download the ShellBagsView app from the official website at this link.
2. Unpack the archive and run the ShellBagsView.exe file.
3. Once launched, ShellBagsView will display all open folders.

ShellBagsView main window

Double left click on the found entry will open additional information. Among which: path, last modified date, window position, type, key, etc.

It is also possible to export the result in the following formats: txt, scv, html, xml.

ShellBagsView can be run from the command line. Here’s the syntax:

• / stext <file name> – save the list of open folders to a plain text file.
• / stab – save the list of open folders in a tab-delimited text file.
• / scomma – save the list of open folders to a comma delimited text file.
• / stabular – save the history of open folders as a tabular text file.
• / shtml – save history of open folders to HTML file (horizontally).
• / sverhtml – save history of open folders to HTML file (vertically).
• / sxml – save the history of open folders to an XML file.

ShellBagsView is a good program for the non-advanced user.

Recently opened folders in Windows with Shellbag Analyzer & Cleaner

The next program is Shellbag Analyzer & Cleaner from developer Goversoft, who is popular for his utility Privazer.

Shellbag Analyzer & Cleaner is very easy to use. Here are the basic steps:

1. Download Shellbag Analyzer & Cleaner from the official website at this link.
2. Run the downloaded file and after the window that appears, click on the “Analysis” button.
3. After a certain time (depending on the number of folders), a list of open and deleted Windows folders will be displayed.

The utility allows you to display all found objects separately and in different categories:

• Deleted folders
• Network folders / External devices
• Open local folders
• Windows Control Panel and Windows Settings
• searching results

In addition, the utility allows you to export (in .txt format) all the information found, and most importantly, if you need to hide work on the computer, delete the history of open folders.

Recently opened folders on Windows with ShellBags Explorer

Shellbags Explorer interprets the mustbags data and displays it. The downloaded archive contains a file with detailed instructions.

You can download the ShellBags Explorer application from the official website at this link.

Recently opened folders in Windows with Sbag

Sbag is a console utility for which you need to run the command line with administrator rights. Detailed instructions with the tool can be found on the download page from the official website at this link.

The last two utilities are more difficult to use and more suitable for computer forensics specialists.

That’s all. Now you know what programs you can use to view the history of open and deleted Windows folders, and in addition, if necessary, remove your own traces.