Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Internet Explorer History
From: "Chetan Gupta" <chetan.gupta () niiconsulting com>
Date: Mon, 17 Jul 2006 22:26:31 +0530

Hey Kruptos,
There are many tools to recover recent internet history of a user if
you have access to his index.dat files.
IE has three separate logging facilities that can be used to
reconstruct the suspect's web browsing activities. They are:

a. History of visited URLs
b. Cookies
c. Temporary Internet Files

The best tools (in the order of my preference) are:

1. Netanalysis ( Amazing tool, provides a variety of filtering
capabilities and ability to read    and correlate all the three types
of files but commercial)
2. Encase/ Accessdata ( Both commercial tools, expensive but provide
good analysis capability)
3. Web Historian ( A free tool from mandiant.com, provides nicely
formatted excel sheet output)
4. Pasco/Galleta ( another set of free tools, command line , a little
clumsy but nevertheless do the job)

You can get the detailed information on how to interpret the
information at this link:
http://www.niiconsulting.com/checkmate/2006/01/browser-secrets-unveiled

I hope that helps!
Regards,

Chetan
--
Chetan Gupta GCFA, CCNA, CIW Sec. Analyst
Forensic Analyst
NII Consulting Pvt. Ltd.

Email:  chetan.gupta () niiconsulting com
Mobile: +91 9867780965
Web: www.niiconsulting.com

------------------------------
------------------------
Online Computer Forensics Magazine
http://www.niiconsulting.com/checkmate

Comprehensive Incident Response and Forensics Services
http://www.niiconsulting.com/services/liveresponse.html

On 7/17/06, kruptos <kruptos () unguarded org> wrote:
Hello All,

I have been tasked with recovering the recent history of an individual
laptop. It is suspected that the individual may have gone to a "escort"
site and attempted to make a purchase via company credit card.

I know you can pull up recent history with some of the many index.dat
readers available. I have the laptop as part of a domain and a GPO that
does not allow users to "Clear History" is enforced.

It has been a while, what are the best tools for recovering recent sites
visited. Also, if a user is able to clear the history in IE, is there
still a way to pull up the history?

Thanks!

-Kruptos

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------





--
Chetan Gupta GCFA, CCNA, CIW Sec. Analyst
Forensic Analyst
NII Consulting Pvt. Ltd.

Email: chetan.gupta () niiconsulting com
Mobile: +91 9867780965
Web: www.niiconsulting.com

------------------------------------------------------
Online Computer Forensics Magazine
http://www.niiconsulting.com/checkmate

Comprehensive Incident Response and Forensics Services
http://www.niiconsulting.com/services/liveresponse.html
------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]