Hosting Provided By

investigating misuse of the internet

From: ICT User <ictuser2002(at)yahoo.co.uk>
Date: Wed Jul 09 2003 - 04:21:57 EDT

Hello all,

Occasionally our monitoring software alerts us that someone has tried to access a dodgy web site. If it is deemed serious enough then as well as the reports the we can generate from the software, we are asked to actually go and check out the user's machine for any evidence of misuse.

Does anyone know of a formal check list of stuff to go through when doing this on a Windows PC (98 or 2000). I have found lots of info about what to look for when investigating a hacked PC, but what about when looking for signs of a user's internet activity? Temporary internet files, history, cookies, search for jpegs, mpegs, etc. These are the sort of things we normally look at, but I want to make sure that I don't miss anything important just in case it goes legal.

Also, if the user had set Internet Explorer options to keep 0 days history then does this mean all evidence has gone, or is there anything else I can look at, e.g. any registry keys?

Thanks,

Andy

Yahoo! Plus - For a better Internet experience http://uk.promotions.yahoo.com/yplus/yoffer.html

Received on Wed Jul 9 04:49:40 2003

This message: [ Message body ]
Next message: Jason.North(at)ch2m.com: "re:investigating misuse of the internet"
Previous message: Pogue: "Re: FW: Keyboard Locking/Invisible Screensaver"
Next in thread: M. Burnett: "Re: investigating misuse of the internet"
Reply: M. Burnett: "Re: investigating misuse of the internet"
Reply: Craig Foster: "RE: investigating misuse of the internet"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT