Penetration Testing mailing list archives
RE: Internet Explorer History
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Sun, 16 Jul 2006 19:16:51 -0700
"attempted to make a purchase"? Does that mean the transaction was processed but declined due to lack of funds or other reasons? If so, pull the account record on the card. It's a company issued card so no privacy laws apply as far as I know. The credit issuer should be able to show all "hits" on the account, approved or not (including credit verification queries etc).
From the way your question is worded it seems they already have the above
information and need the hard data to back it up in case of pursuing prosecution (or protection from prosecution if the employee files wrongful termination). If for some reason you still require the data from the laptop check the cookie cache as well as the temp folder which may contain information to bolster what's found in the index.dat. If this is to be used or may be used in legal proceedings, do *not* pull the forensics information from the laptop interactively but create a write-only locked disk image and pull the info from that. This preserves the chain of evidence etc so there can be no question on the integrity of the data. I would recommend reading up on the legal aspects of obtaining data forensic evidence prior to proceeding. Oh, and there are multiple tools available to read the index.dat. Index Dat Spy 2.0 and others, google around for some. -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: kruptos [mailto:kruptos () unguarded org] Sent: Sunday, July 16, 2006 5:13 PM To: pen-test () securityfocus com Subject: Internet Explorer History Hello All, I have been tasked with recovering the recent history of an individual laptop. It is suspected that the individual may have gone to a "escort" site and attempted to make a purchase via company credit card. I know you can pull up recent history with some of the many index.dat readers available. I have the laptop as part of a domain and a GPO that does not allow users to "Clear History" is enforced. It has been a while, what are the best tools for recovering recent sites visited. Also, if a user is able to clear the history in IE, is there still a way to pull up the history? Thanks! -Kruptos -------------------------------------------------------------- ---------------- This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. -------------------------------------------------------------- ---------------- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.1/389 - Release Date: 7/14/2006
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.1/389 - Release Date: 7/14/2006 ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Internet Explorer History kruptos (Jul 16)
- RE: Internet Explorer History Erin Carroll (Jul 16)
- Re: Internet Explorer History mikeiscool (Jul 16)
- Re: Internet Explorer History Max Ashton (Jul 17)
- Re: Internet Explorer History fd lists (Jul 18)
- Re: Internet Explorer History okrehel (Jul 17)
- Re: Internet Explorer History Chetan Gupta (Jul 17)
- Re: Internet Explorer History killy (Jul 19)
- RE: Internet Explorer History Erin Carroll (Jul 16)