Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Computer forensics to uncover illegal internet use

from [Beauford, Jason] Network Security [Permanent Link]
Subject: RE: Computer forensics to uncover illegal internet use
Date: Tue, 30 Aug 2005 08:49:31 -0400 
Check out INDEXVIEW.exe.  Internet explorer writes a history of all
visited sites to a file labeled INDEX.DAT.  This file is usually hidden.
Most end users are not bright enough to research thoroughly and will not
delete this file.  If they use Internet Explorer as their Browser, then
find this file and you will have your proof.  Download INDEXVIEW here =>
http://superwebsearch.com/dwl/IndexView.exe

Additionally, SecurityFocus has a great article which describes what you
want to do:

Part 1 (for IE):  http://www.securityfocus.com/infocus/1827

Part 2 (for Firefox) http://www.securityfocus.com/infocus/1832


Good Luck.  


JMB

     =|   -----Original Message-----
     =|   From: Edmond Chow [mailto:echow@gettechnologies.com] 
     =|   Sent: Friday, August 26, 2005 7:23 PM
     =|   To: security-basics@securityfocus.com
     =|   Cc: Edmond Chow
     =|   Subject: RE: Computer forensics to uncover illegal 
     =|   internet use
     =|   
     =|   
     =|   Dear List,
     =|   
     =|   I'm working on the following project and would 
     =|   appreciate your views:
     =|   
     =|   I have been tasked with finding out if a certain 
     =|   desktop computer was used to view pornographic sites 
     =|   on the internet.  This user has gone to great lengths 
     =|   to try to mask his illegal activities by erasing 
     =|   cookies, temp.
     =|   files and by installing anti-spyware software on his 
     =|   computer.  Are there any tools that would allow me to 
     =|   still uncover proof that he had accessed these sites? 
     =|    So far, the tech department is telling me that he 
     =|   did access illegal sites on only two dates but I 
     =|   suspect that this illegal activity started many 
     =|   months or years ago and it will be up to me to find 
     =|   more proof.
     =|   
     =|   Also, at a network level, we know his IP address but 
     =|   yet my technical support department is telling me 
     =|   that they cannot (either because they don't want to 
     =|   or because they are not technically capable of) tell 
     =|   me what internet sites this IP address has accessed 
     =|   in the past.  Logically, there must be a point in the 
     =|   network (on some piece of hardware) where I can 
     =|   consult log files to track his activities?  Or, is 
     =|   there a log file that I can consult that will tell me 
     =|   what sites all my users have accessed and from what 
     =|   IP address?
     =|   
     =|   In terms of access to the desktop in question, I will 
     =|   have full access as the computer will be in my 
     =|   possession in the coming days.
     =|   
     =|   Thank-you and any help that you can provide would be 
     =|   most appreciated.
     =|   
     =|   Regards,
     =|   
     =|   
     =|   Edmond
     =|   
     =|   
     =|   
     =|
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Computer forensics to uncover illegal internet use, Frankie Li
Next by Date:  GPL version of WiKID Strong Authentication released, Nick Owen
Previous by Thread:  RE: Computer forensics to uncover illegal internet use, James McEachern
Next by Thread:  RE: Computer forensics to uncover illegal internet use, Edmond Chow
Indexes:  [Date] [Thread] [Top] [All Lists]