Penetration Testing mailing list archives
Re: Internet Explorer History
From: okrehel () loews com
Date: Mon, 17 Jul 2006 09:18:58 -0400
You can use index.dat viewer from efense.com Helix forensics CD.
You can also carve html cache after data recovery (if suspect deleted it).
You can use also Encase, FTK, Smart, etc...
Before you do anything, ask your company what action will be taken bases on
this
information.
You might need to create a forensic image, work on image, not original,
maybe you
need a custodian for digital evidence, etc....
Sometimes someone gets fires and files a lawsuit against person which did
forensics.
You will have to prove, that all your steps are in compliance with federal
laws on collecting
evidence, that you have knowledge of forensics, and that chain of custody
was preserved.
Think twice before you do it and document as much as you can. Maybe you
should suggest
your company to hire computer forensics investigator for this.
Ondrej Krehel, CISSP, CEH
kruptos
<kruptos@unguarde
d.org> To
pen-test () securityfocus com
07/16/2006 08:13 cc
PM
Subject
Internet Explorer History
Hello All,
I have been tasked with recovering the recent history of an individual
laptop. It is suspected that the individual may have gone to a "escort"
site and attempted to make a purchase via company credit card.
I know you can pull up recent history with some of the many index.dat
readers available. I have the laptop as part of a domain and a GPO that
does not allow users to "Clear History" is enforced.
It has been a while, what are the best tools for recovering recent sites
visited. Also, if a user is able to clear the history in IE, is there
still a way to pull up the history?
Thanks!
-Kruptos
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic has
the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Internet Explorer History kruptos (Jul 16)
- RE: Internet Explorer History Erin Carroll (Jul 16)
- Re: Internet Explorer History mikeiscool (Jul 16)
- Re: Internet Explorer History Max Ashton (Jul 17)
- Re: Internet Explorer History fd lists (Jul 18)
- Re: Internet Explorer History okrehel (Jul 17)
- Re: Internet Explorer History Chetan Gupta (Jul 17)
- Re: Internet Explorer History killy (Jul 19)
- RE: Internet Explorer History Erin Carroll (Jul 16)