How to access Windows Recall AI data locally stored on Windows 11

• Where does Windows Recall store your data? Windows Recall stores your data in the “UKP” folder. The “ImageStore” folder contains the screenshots, and the “ukg.db” file is a database that contains the text for everything the feature knows about you.

On Windows 11, it’s super easy to access the data generated by the Recall AI feature, and in this guide, I will show you how. The Windows Recall feature is one of the most anticipated features with the release of version 24H2, but it’s also the most controversial because of security and privacy concerns.

Although Microsoft has stated that Windows Recall is secure and private, people’s concerns are still present, and for a good reason. According to the company, all the data collected is stored and processed on the device. Nothing gets uploaded to the cloud, so the feature works even without an internet connection. In addition, the company has said that it won’t use any information to train its AI models.

As part of the security concerns, the company has also said that your information is stored securely on your device using Secured-core PCs, “the highest security standard for Windows 11 devices.” Also, Copilot+ PCs come with the Microsoft Pluton security processor, which provides a hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Furthermore, Device Encryption is now turned on by default to encrypt the system drive, and Windows Hello provides the authentication level of security.

However, while the operating system provides one of the highest levels of security, this is device-level security, as it appears that the Recall feature doesn’t include any type of security since anyone with the right access can get a hold of this information.

In this guide, I will show you how to find the screenshots and data that Windows Recall uses to give you answers of anything you have done on your computer.

How to access Recall data on Windows 11

To access your Windows Recall data (screenshots and database), use these steps:

1. Open File Explorer on Windows 11.

2. Browse the following path:

   %LOCALAPPDATA%\CoreAIPlatform.00\UKP

   

3. Open the only folder available that includes hexadecimal numbers and brackets as part of the name.

4. Open the ImageStore folder to access the screenshots taken by Recall.

   

5. (Optional) Copy and paste one of the files into another folder and change the file extension to “.jpg” to open the file with the Photos app. (You can do the same with all the other files.)

   

6. Click the Back button on File Explorer.

7. (Optional) Copy and paste the ukg.db file to another location.

   Quick note: The ukg.db is the database that stores all the information that Recall stores about each snapshot, including the name of the app and contents extracted from the images.

8. Open Start.

9. Search for Command Prompt, right-click the top result, and select the Run as administrator option.

10. Type the following command to install the SQLiteStudio app to open the Recall AI database and press Enter:

    winget install --id sqlitestudio.pl.SQLiteStudio

    Quick note: You can use any database app to open the ukg.db.

11. Open the SQLiteStudio app.

12. Click on Database and choose the Add a dababase option.

13. Click the folder icon for the “File” setting.

    

14. Browse to the location where you placed the copy of the Recall database.

15. Choose the ukg.db file and click the Select button.

16. Click the OK button.

17. Double-click the ukg databse to reveal the tables.

18. Double-click the WindowsCaptureTextIndex_content table.

19. Click the Data tab.

20. Review all data generated by Windows Recall.

    

Once you complete the steps, you will have access to all your information captured by Recall, including passwords, account numbers, and other information, whether it is sensitive or not, because the feature doesn’t moderate any content, and everything is saved in plain text or images that are easily accessible.

Although your data is protected by extensive security, this security only applies to your device and account. Anyone with the right access (remotely or physically) can access your data.

Of course, even easier, anyone with access to your Windows 11 account can simply open the Recall app and search for anyone they want. However, the ability to browse and access the database and image files makes it more tentative for malicious individuals since they can easily copy and transfer or scrape the data to any location with the right programming skills.

In my opinion, Windows Recall data should have its own encryption inside the system, and the app should be password-protected with a timeout feature after some inactivity.

At the minimum, users should not be able to enable Recall AI if the device encryption is not turned on. For example, if the device doesn’t use encryption, another user with administrative rights can browse and access your data from their own account.

For example, Google Chrome and Microsoft Edge won’t let you access your saved passwords if you don’t authenticate with the application. In the past, even with all the security on Windows, you were able to access your saved passwords directly from the browser. However, after security complaints, Google updated the browser to an extra layer of security.

Currently, you think you have a password manager and that your information is safe, but technically, they are not while this feature is turned on. If you use Recall on Windows 11, the security is the same as keeping your passwords and other sensitive information in a Notepad file is the same. (Remember that we’re always told never to store sensitive information in plain text.)

You can exclude websites and apps from Windows Recall, but you must know about this configuration and proactively update it to work correctly. You can also use InPrivate or Incognito mode in the browser to prevent the AI feature from saving data from these applications, but you also have to remember to switch modes before accessing sensitive information.

Of course, the chances of something happening are slim, but it could happen even more if you don’t take precautions to secure your computer correctly.

What are your thoughts about the security implementation of Recall on Windows 11? Let me know in the comments below.

Update June 14, 2024: Microsoft has announced that it is temporarily pausing the rollout of the Windows Recall AI feature as it needs more time for testing and ensuring security. As a result, Copilot+ PCs won’t get the feature on June 18.