investigating misuse of the internet

From: ICT User (ictuser2002_at_yahoo.co.uk)
Date: 07/09/03

  • Next message: Jason.North_at_ch2m.com: "re:investigating misuse of the internet"
    Date: Wed, 9 Jul 2003 09:21:57 +0100 (BST)
    To: focus-ms@securityfocus.com
    
    

    Hello all,

    Occasionally our monitoring software alerts us that
    someone has tried to access a dodgy web site. If it
    is deemed serious enough then as well as the reports
    that we can generate from the software, we are asked to
    actually go and check out the user's machine for any
    evidence of misuse.

    Does anyone know of a formal check list of stuff to go
    through when doing this on a Windows PC (98 or 2000)?
    I have found lots of info about what to look for when
    investigating a hacked PC, but what about when looking
    for signs of a user's internet activity? Temporary
    internet files, history, cookies, search for jpegs,
    mpegs, etc. These are the sort of things we normally
    look at, but I want to make sure that I don't miss
    anything important just in case it goes legal.

    Also, if the user had set Internet Explorer options to
    keep 0 days history then does this mean all evidence
    has gone, or is there anything else I can look at,
    e.g. any registry keys?

    Thanks,

    Andy
