Recently we (a national archive) received a transfer of born-digital records which included ‘thumbs.db’ files.
As a refresher – thumbs.db is a Windows thumbnail cache file. It is generated by the system when ever a user selects ‘thumbnail view’ in a Windows Explorer folder, and the thumbs.db file lives in the directory for which it contains the information about the thumbnails for. It is normally a ‘hidden’ file, but the file can be made visible with system settings.
If the thumbs.db file is deleted a new one is created when ever the contents of that that directory is viewed in ‘thumbnail view’ mode.
Since it is an automatically created, hidden file created as needed, my inclination is to delete the files and NOT ingest them into our digital preservation system. They seem to serve no other function than to allow the user of a Windows machine to view the contents of a directory in a different way.
HOWEVER – the thumbs.db file can hold information about files which no longer exist in the directory. Traces of information can linger in a thumbs.db file. The file is amended when new content is added to the directory and thumbnail viewed, but when files are removed from the directory information is not subtracted from the file. Therefore there may be indications of files which once existed. According to Wikipedia a paedophile was caught using image information contained in a thumbs.db file even though the actual images were deleted.
From an ‘evidence’ perspective, thumbs.db files might give an interesting clue into what the user of the computer was doing.
From and ‘archival’ perspective I’m dubious – these are hidden files which are not (as far as I know) actively used by end users - and therefore not records. “Hmmm,” says Mr End User, “What was the name of that photograph I was looking at last month? I know - I’ll look into my thumbs.db file and get the file name.”
Questions: do any of you have experience with thumbs.db files? Do any of you have written policies on hidden system files you can share with us?