As of July 12, 2015, the current version of ChromeCacheView is 1.66.
The ChromeCacheView program works on any version of Windows starting from
Windows 2000 and up to Windows 7/8/2008. It examines the Google Chrome Cache
stored at [User Profile]\Local
Settings\Application Data\Google\Chrome\User Data\Default\Cache
.
To use the software, simply extract the contents of the zip file to the directory on your system from which you wish to run it. The executable file is a small 62,650 byte, i.e. about 61K, file ChromeCacheView.exe. There are two other files in the zip file, ChromeCacheView.chm, which is a "help" file, and readme.txt.
C:\Users\Public\Downloads\CromeCacheView>dir Volume in drive C has no label. Volume Serial Number is 9420-A68C Directory of C:\Users\Public\Downloads\CromeCacheView 07/12/2015 03:54 PM <DIR> 07/12/2015 03:54 PM <DIR> 03/21/2015 08:57 PM 16,212 ChromeCacheView.chm 03/21/2015 08:57 PM 62,560 ChromeCacheView.exe 03/21/2015 08:57 PM 10,649 readme.txt 3 File(s) 89,421 bytes 2 Dir(s) 64,927,510,528 bytes free
Once the program has loaded information from the cache, it will display the URLs for cache pages that it found.
By default, it will show the cached data for the currently logged in account, but you can see the cached data for other accounts on the system by selecting File then Select Cache Folder.
You can also copy the cache directory from a system to removable media, such as a flash drive, and view the cached data with ChromeCacheView on another system.
You can search for cached pages for a particular website or with a particular text string in the URL by clicking on Edit and selecting Find. You can also click on a column header, such as URL to organize the list alphabetically by that element, e.g., by URL, Last Accessed time, etc. If you scroll to the right in the window, you will see many other parameters for cached files.
You can obtain details on a cached item by right-clicking or double-clicking on an entry in the list and choosing Properties.
You can view an item in the cache by clicking on it to select it and then choosing File and Open Selected Cache File. E.g., if you selected an image it would open in the default image viewing program on the system. For an HTML file, the cached page would be opened in the default browser.
You can determine what file in the cache is assocated with an entry in the
list by scrolling to the right and looking at the value for
Cache Name. E.g., in the example below I see data_3
.
I can then locate that file in the cache directory.
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cache>dir data_3 Volume in drive C has no label. Volume Serial Number is 9420-A68C Directory of C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Cache 06/09/2015 11:03 PM 37,756,928 data_3 1 File(s) 37,756,928 bytes 0 Dir(s) 64,923,246,592 bytes free
If you wish it to rescan the cache, you can click on View and select Refresh.
The VirusTotal analysis for the chromecacheview.zip file is included below. VirusTotal is a site now owned by Google whiich scans uploaded files with multiple antivirus programs.
VirusTotal Report from 2015-07-12
(PDF)
VirusTotal report URL
Two of the 55 antivirus products which were used to scan the file reported potential issues. Antiy-AVL reported RiskWare[PSWTool]/Win32.IEPassView.fm and Bkav, stands for "Bach Khoa AntiVirus" and is produced by the Vietnamese company Bach Khoa Internetwork Security center (BKIS), reported W32.HfsAdware.B58B. You can find a December 2008 review of the company's software at Top-notch Vietnamese software BKAV raises antivirus bar. The company provides a free version of its antivirus software, Bkav Free Edition (FE), for desktop systems and a version of its antivirus software is available for smartphones as well.
I believe both the Antiy-AVL and Bkav analyses are false positives. I have installed multiple programs developed by Nir Softer and provided through his NirSoft website on multiple computers and I have never encountered any adware associated with any of his programs. The other "riskware" report may be based on the the fact that the program is accessing data from the browser's cache, which it needs to do to perform its function. I've found many instances where antivirus/antispyware products will flag utilities not used by most users, but which provide troubleshooting capabilities to more advanced users as potentially suspicious. I presume that may be due to the antivirus developers assuming that the presence of such tools on a system could be indicative of suspicous activities, since the tools could be used for malicious purposes by someone other than the system owner. Nir Sofer addresses the occasional flagging of his software by antivirus products in his About page in a "False Positives" Issues section.
The report from another site, Jotti's malware scan is included below.
Jotti Report from 2015-07-12 (PDF)
Jotti's malware scan report URL
One of the twenty-two programs it used, ClamAV, flagged the file. ClamAV reported PUA.Win32.Packer.Upx-28. The "PUA" means Potentially Unwanted Application. That indicates the program could be something a user doesn't want on his/her system, but in this case, if you've downloaded the software to examine the Chrome cache, that doesn't apply. The "Packer" reference is probably there to indicate that the software was compressed with a "runtime packer". Malware developers sometimes use runtime packers to hide details regarding their code from those attempting to discern how the malware functions, but many software developers also use runtime packers for legitimate reasons as well. UPX stands for "Ultimate Packer for Executables" and is a free and open source executable packer for multiple operating systems including Microsoft Windows, Linux, Mac OS X, MS-DOS, and Atari.
I've included the reports from both sites, but I don't believe either show any cause for concern with the software. I've included them should anyone else scan the downloaded file and see it flagged by an antivirus/antispyware program in use on his or her system. Almost all of the many antivirus programs with which the file was scanned find it innocuous and of those that flagged the software, I don't see any showing any real cause for concern for someone who put the software on a system to view the Chrome cache.
Created: July 12, 2015