PaulDotCom mailing list archives
A question about browser history
From: pj_mcgarvey at hotmail.com (PJ McGarvey)
Date: Tue, 3 Nov 2009 12:57:04 -0500
As users get redirected to malicious sites all the time, I'm sure it's well within the possibility that they could also be redirected to a porn site as well via iframes, etc. Looking through lots of IE related browser history myself, it's hard to know the user's exact intentions, though sometimes it's pretty obvious once you see google search queries, the typed urls registry key, and such that don't appear work related. Might be an opportunity to repeat whatever legit browsing he said he was doing and examine your own cache. ;-) -PJ Date: Tue, 3 Nov 2009 12:38:44 -0500 From: dorne.mabais at googlemail.com To: pauldotcom at mail.pauldotcom.com Subject: [Pauldotcom] A question about browser history I have a situation at a client's that I would appreciate some help with. An employee was flagged as visiting "adult" sites (which is surprising since their proxy is not exactly current or well setup), and a quick look at the browser history showed traces of this (firefox 3.5). But in my brief exposure to forensics I have been told, "do not look for evidence of guilt or innocence, just look for evidence". This employee seems honestly shocked about this and swears that he did not do it (even has suggested taking a lie-detector test to prove it!) and some of the sites do seem like those that are ad funded and I know those can be more then meets the eye. So I have been trying to find out if it is possible that he is actually innocent. I have done some reading and hidden iframes would explain the proxy traffic but as far as I know, those do not show in the browser history (?). I am sure that a pop-up window would not have been it either. I admit my web-security-fu is not at a very high level, so I would like to ask if anyone knows of a way this could have happened which backs up the employee's story or do I just go ahead and assume guilt? Thanks Dorne -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091103/d75e6591/attachment.htm
Current thread:
- A question about browser history Dorne Mabais (Nov 03)
- A question about browser history PJ McGarvey (Nov 03)
- A question about browser history Karl Schuttler (Nov 03)
- A question about browser history Joel Folkerts (Nov 03)
- A question about browser history Michael Miller (Nov 10)
- <Possible follow-ups>
- A question about browser history David A. Gershman (Nov 10)
- A question about browser history Butturini, Russell (Nov 11)
- A question about browser history Dorne Mabais (Dec 16)