investigating misuse of the internet

From: ICT User (
Date: 07/09/03

  • Next message: "re:investigating misuse of the internet"
    Date: Wed, 9 Jul 2003 09:21:57 +0100 (BST)

    Hello all,

    Occasionally our monitoring software alerts us that
    someone has tried to access a dodgy web site. If it
    is deemed serious enough then as well as the reports
    the we can generate from the software, we are asked to
    actually go and check out the user's machine for any
    evidence of misuse.

    Does anyone know of a formal check list of stuff to go
    through when doing this on a Windows PC (98 or 2000).
    I have found lots of info about what to look for when
    investigating a hacked PC, but what about when looking
    for signs of a user's internet activity? Temporary
    internet files, history, cookies, search for jpegs,
    mpegs, etc. These are the sort of things we normally
    look at, but I want to make sure that I don't miss
    anything important just in case it goes legal.

    Also, if the user had set Internet Explorer options to
    keep 0 days history then does this mean all evidence
    has gone, or is there anything else I can look at,
    e.g. any registry keys?



    Yahoo! Plus - For a better Internet experience


  • Next message: "re:investigating misuse of the internet"

    Relevant Pages

    • Re: Oh Poor Brucie! LOL Miserable POS
      ... being "the worst scandal in the history of the United States?" ... > I have zero involvement with lyme ... So all you do is blather non stop on the internet? ... Gee I just thought it was a paranoid schizophrenic thing! ...
    • RE: investigating misuse of the internet
      ... cleaning the history or cache regularly (e.g. setting history retention to 0 ... bit-stream image of the original drive, as will other digital forensics ... investigating misuse of the internet ... Temporary Internet Files ...
    • RE: Removing search addresses
      ... Click on General Tab then click on Clear History, also you can set the day ... Empty Temporary Internet Files folder when browser is closed. ... "Reg Garbett" wrote: ...
      ... One day the site was for history, ... but then some self-proclaimed experts who when it suits them read the ... 'Redemption Hold Period' of the 5 days which follows the Grace Period ... splendid example of going off topic in an internet group, ...
    • Re: Texting killing tells us only one thing
      ... much about the shooting death of someone for texting during a ... Internet story, readers can't look away. ... that although we receive news of this horrible incident as evidence of ... "Man shoots texter" is not evidence of a larger societal trend unless ...