Penetration Testing mailing list archives
Re: Internet Explorer History
From: "Chetan Gupta" <chetan.gupta () niiconsulting com>
Date: Mon, 17 Jul 2006 22:26:31 +0530
Hey Kruptos, There are many tools to recover recent internet history of a user if you have access to his index.dat files. IE has three separate logging facilities that can be used to reconstruct the suspect's web browsing activities. They are: a. History of visited URLs b. Cookies c. Temporary Internet Files The best tools (in the order of my preference) are: 1. Netanalysis ( Amazing tool, provides a variety of filtering capabilities and ability to read and correlate all the three types of files but commercial) 2. Encase/ Accessdata ( Both commercial tools, expensive but provide good analysis capability) 3. Web Historian ( A free tool from mandiant.com, provides nicely formatted excel sheet output) 4. Pasco/Galleta ( another set of free tools, command line , a little clumsy but nevertheless do the job) You can get the detailed information on how to interpret the information at this link: http://www.niiconsulting.com/checkmate/2006/01/browser-secrets-unveiled I hope that helps! Regards, Chetan -- Chetan Gupta GCFA, CCNA, CIW Sec. Analyst Forensic Analyst NII Consulting Pvt. Ltd. Email: chetan.gupta () niiconsulting com Mobile: +91 9867780965 Web: www.niiconsulting.com ------------------------------ ------------------------ Online Computer Forensics Magazine http://www.niiconsulting.com/checkmate Comprehensive Incident Response and Forensics Services http://www.niiconsulting.com/services/liveresponse.html On 7/17/06, kruptos <kruptos () unguarded org> wrote:
Hello All, I have been tasked with recovering the recent history of an individual laptop. It is suspected that the individual may have gone to a "escort" site and attempted to make a purchase via company credit card. I know you can pull up recent history with some of the many index.dat readers available. I have the laptop as part of a domain and a GPO that does not allow users to "Clear History" is enforced. It has been a while, what are the best tools for recovering recent sites visited. Also, if a user is able to clear the history in IE, is there still a way to pull up the history? Thanks! -Kruptos ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
-- Chetan Gupta GCFA, CCNA, CIW Sec. Analyst Forensic Analyst NII Consulting Pvt. Ltd. Email: chetan.gupta () niiconsulting com Mobile: +91 9867780965 Web: www.niiconsulting.com ------------------------------------------------------ Online Computer Forensics Magazine http://www.niiconsulting.com/checkmate Comprehensive Incident Response and Forensics Services http://www.niiconsulting.com/services/liveresponse.html ------------------------------------------------------ ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Internet Explorer History kruptos (Jul 16)
- RE: Internet Explorer History Erin Carroll (Jul 16)
- Re: Internet Explorer History mikeiscool (Jul 16)
- Re: Internet Explorer History Max Ashton (Jul 17)
- Re: Internet Explorer History fd lists (Jul 18)
- Re: Internet Explorer History okrehel (Jul 17)
- Re: Internet Explorer History Chetan Gupta (Jul 17)
- Re: Internet Explorer History killy (Jul 19)
- RE: Internet Explorer History Erin Carroll (Jul 16)