RE: Internet Explorer History



"attempted to make a purchase"? Does that mean the transaction was processed
but declined due to lack of funds or other reasons? If so, pull the account
record on the card. It's a company-issued card, so no privacy laws apply as
far as I know. The credit issuer should be able to show all "hits" on the
account, approved or not (including credit verification queries etc).

From the way your question is worded it seems they already have the above
information and need the hard data to back it up in case of pursuing
prosecution (or protection from prosecution if the employee files wrongful
termination). If for some reason you still require the data from the laptop,
check the cookie cache as well as the temp folder, which may contain
information to bolster what's found in the index.dat. If this is to be used
or may be used in legal proceedings, do *not* pull the forensics information
from the laptop interactively but create a write-only locked disk image and
pull the info from that. This preserves the chain of evidence etc., so there
can be no question on the integrity of the data.

I would recommend reading up on the legal aspects of obtaining data forensic
evidence prior to proceeding.

Oh, and there are multiple tools available to read the index.dat: Index Dat
Spy 2.0 and others. Google around for some.


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"



-----Original Message-----
From: kruptos [mailto:kruptos@xxxxxxxxxxxxx]
Sent: Sunday, July 16, 2006 5:13 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Internet Explorer History

Hello All,

I have been tasked with recovering the recent history of an
individual laptop. It is suspected that the individual may
have gone to an "escort" site and attempted to make a purchase
via company credit card.

I know you can pull up recent history with some of the many
index.dat readers available. I have the laptop as part of a
domain and a GPO that does not allow users to "Clear History"
is enforced.

It has been a while; what are the best tools for recovering
recent sites visited? Also, if a user is able to clear the
history in IE, is there still a way to pull up the history?

Thanks!

-Kruptos
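
The two points in this thread (read history out of index.dat, and work from an image rather than the live laptop), as an added example that is not part of either message: it hashes a copy of the image, carves `URL ` records from a read-only mapping, and fails if the hash changed during the examination. The record layout used (block count at offset 4, last-accessed FILETIME at offset 16, URL offset byte at 0x34) is an assumption based on public analyses of IE 5-era index.dat files, and the sample bytes and URL are constructed.

```python
import hashlib, mmap, struct
from datetime import datetime, timedelta, timezone

BLOCK = 0x80                                        # record allocation unit (assumed)
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def filetime(raw):  # 64-bit FILETIME (100 ns ticks since 1601) -> UTC datetime
    try:
        return EPOCH + timedelta(microseconds=struct.unpack("<Q", raw)[0] // 10)
    except OverflowError:
        return None  # garbage value in a carved false positive

def carve_url_records(data):  # returns [(last_accessed, url), ...]
    found, pos = [], data.find(b"URL ")
    while pos != -1:
        if pos + 8 <= len(data):
            size = struct.unpack_from("<I", data, pos + 4)[0] * BLOCK
            if BLOCK <= size <= 64 * BLOCK and pos + size <= len(data):
                rec = data[pos:pos + size]
                off = rec[0x34]  # assumed layout: offset of the URL string
                url = rec[off:].split(b"\0", 1)[0].decode("latin-1")
                if off >= 0x38 and url and url.isprintable():
                    found.append((filetime(rec[16:24]), url))
        pos = data.find(b"URL ", pos + 4)
    return found

def examine(image_path):  # carve from a read-only mapping of the image copy
    before = sha256_file(image_path)
    with open(image_path, "rb") as f:
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
            records = carve_url_records(m)
    if sha256_file(image_path) != before:
        raise RuntimeError("image changed during examination")
    return before, records

def constructed_sample():  # constructed bytes, not real evidence
    rec = bytearray(2 * BLOCK)
    rec[0:8] = b"URL " + struct.pack("<I", 2)
    rec[16:24] = struct.pack("<Q", 127973520000000000)  # 2006-07-14 12:00 UTC
    rec[0x34] = 0x68
    url = b"Visited: user@http://shop.example/checkout"
    rec[0x68:0x68 + len(url)] = url
    return b"\0" * 512 + bytes(rec) + b"\0" * 512
```

Record the digest returned by `examine()` alongside the acquisition hash so the two can be compared later.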
