Penetration Testing mailing list archives
Re: Internet Explorer History
From: okrehel () loews com
Date: Mon, 17 Jul 2006 09:18:58 -0400
You can use index.dat viewer from efense.com Helix forensics CD. You can also carve html cache after data recovery (if suspect deleted it). You can use also Encase, FTK, Smart, etc... Before you do anything, ask your company what action will be taken bases on this information. You might need to create a forensic image, work on image, not original, maybe you need a custodian for digital evidence, etc.... Sometimes someone gets fires and files a lawsuit against person which did forensics. You will have to prove, that all your steps are in compliance with federal laws on collecting evidence, that you have knowledge of forensics, and that chain of custody was preserved. Think twice before you do it and document as much as you can. Maybe you should suggest your company to hire computer forensics investigator for this. Ondrej Krehel, CISSP, CEH kruptos <kruptos@unguarde d.org> To pen-test () securityfocus com 07/16/2006 08:13 cc PM Subject Internet Explorer History Hello All, I have been tasked with recovering the recent history of an individual laptop. It is suspected that the individual may have gone to a "escort" site and attempted to make a purchase via company credit card. I know you can pull up recent history with some of the many index.dat readers available. I have the laptop as part of a domain and a GPO that does not allow users to "Clear History" is enforced. It has been a while, what are the best tools for recovering recent sites visited. Also, if a user is able to clear the history in IE, is there still a way to pull up the history? Thanks! -Kruptos ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Internet Explorer History kruptos (Jul 16)
- RE: Internet Explorer History Erin Carroll (Jul 16)
- Re: Internet Explorer History mikeiscool (Jul 16)
- Re: Internet Explorer History Max Ashton (Jul 17)
- Re: Internet Explorer History fd lists (Jul 18)
- Re: Internet Explorer History okrehel (Jul 17)
- Re: Internet Explorer History Chetan Gupta (Jul 17)
- Re: Internet Explorer History killy (Jul 19)
- RE: Internet Explorer History Erin Carroll (Jul 16)