investigating misuse of the internet

From: ICT User (ictuser2002_at_yahoo.co.uk)
Date: 07/09/03

  • Next message: Jason.North_at_ch2m.com: "re:investigating misuse of the internet"
    Date: Wed, 9 Jul 2003 09:21:57 +0100 (BST)
    To: focus-ms@securityfocus.com
    
    

    Hello all,

    Occasionally our monitoring software alerts us that
    someone has tried to access a dodgy web site. If it
    is deemed serious enough then as well as the reports
    that we can generate from the software, we are asked to
    actually go and check out the user's machine for any
    evidence of misuse.

    Does anyone know of a formal check list of stuff to go
    through when doing this on a Windows PC (98 or 2000)?
    I have found lots of info about what to look for when
    investigating a hacked PC, but what about when looking
    for signs of a user's internet activity? Temporary
    internet files, history, cookies, search for jpegs,
    mpegs, etc. These are the sort of things we normally
    look at, but I want to make sure that I don't miss
    anything important just in case it goes legal.

    Also, if the user had set Internet Explorer options to
    keep 0 days history then does this mean all evidence
    has gone, or is there anything else I can look at,
    e.g. any registry keys?

    Thanks,

    Andy
