PaulDotCom mailing list archives

A question about browser history

From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Wed, 11 Nov 2009 08:10:05 -0600

I know I'm late to the discussion a bit, but I've always been partial to
this tool for history recovery of both IE and Firefox:
http://www.codeproject.com/KB/vbscript/Internet_Explorer_Spy.aspx

Does a better job than the commercial tools and it's free!

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of David A.
Gershman
Sent: Tuesday, November 10, 2009 9:18 PM
To: PaulDotCom Security Weekly Mailing List 
Subject: Re: [Pauldotcom] A question about browser history

anyone knows of a way this could have happened which backs up the

employee's

story or do I just go ahead and assume guilt?

First (IMHO)
Don't assume guilt or innocence. Stick to what you were asked...find
evidence if its there. If its not there, fine. Start assuming anything
or taking the employee's "nature" into account and you're doing the
manager's/company's job. If this employee gets fired for an
'assumption', you'll feel it. Provide the best evidence you can and let
the verdict reside with the company.

I know it sounds cold, but when doing forensics its important to remain
as objective as possible.

Second
As for how their history could have been populated, I really have no
idea. I do know this, don't just look within the browser. A good piece
of malware coming from a thumbdrive could screw with browser files just
as easily. Be sure to scour the big picture.

----------------------------------------
David A. Gershman
gershman at dagertech.net
http://dagertech.net/gershman/
"It's all about the path!" --d. gershman
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

******************************************************************************
This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than
the named recipient of this email,
and is to be used only for the intended purpose of this communication.
******************************************************************************

Current thread:

A question about browser history Dorne Mabais (Nov 03)
- A question about browser history PJ McGarvey (Nov 03)
- A question about browser history Karl Schuttler (Nov 03)
- A question about browser history Joel Folkerts (Nov 03)
- A question about browser history Michael Miller (Nov 10)
- <Possible follow-ups>
- A question about browser history David A. Gershman (Nov 10)
  - A question about browser history Butturini, Russell (Nov 11)
  - A question about browser history Dorne Mabais (Dec 16)