Re: Internet Explorer History

From: Chetan Gupta (chetan.gupta@niiconsulting.com)
Date: Mon Jul 17 2006 - 12:56:31 EDT

• Next message: Dixon, Wayne: "RE: the best pen-testing live linux distro????"
• Previous message: Dragos Ruiu: "PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)"
• In reply to: kruptos: "Internet Explorer History"
• Next in thread: killy: "Re: Internet Explorer History"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey Kruptos,
There are many tools to recover recent internet history of a user if
you have access to his index.dat files.
IE has three separate logging facilities that can be used to
reconstruct the suspect's web browsing activities. They are:

a. History of visited URLs
b. Cookies
c. Temporary Internet Files

The best tools (in the order of my preference) are:

1. Netanalysis ( Amazing tool, provides a variety of filtering
capabilities and ability to read and correlate all the three types
of files but commercial)
2. Encase/ Accessdata ( Both commercial tools, expensive but provide
good analysis capability)
3. Web Historian ( A free tool from mandiant.com, provides nicely
formatted excel sheet output)
4. Pasco/Galleta ( another set of free tools, command line , a little
clumsy but nevertheless do the job)

You can get the detailed information on how to interpret the
information at this link:
http://www.niiconsulting.com/checkmate/2006/01/browser-secrets-unveiled

I hope that helps!
Regards,

Chetan

-- 
Chetan Gupta GCFA, CCNA, CIW Sec. Analyst
Forensic Analyst
NII Consulting Pvt. Ltd.
Email:  chetan.gupta@niiconsulting.com
Mobile: +91 9867780965
Web: www.niiconsulting.com
 ------------------------------
------------------------
Online Computer Forensics Magazine
http://www.niiconsulting.com/checkmate
Comprehensive Incident Response and Forensics Services
 http://www.niiconsulting.com/services/liveresponse.html
On 7/17/06, kruptos <kruptos@unguarded.org> wrote:
> Hello All,
>
> I have been tasked with recovering the recent history of an individual
> laptop. It is suspected that the individual may have gone to a "escort"
> site and attempted to make a purchase via company credit card.
>
> I know you can pull up recent history with some of the many index.dat
> readers available. I have the laptop as part of a domain and a GPO that
> does not allow users to "Clear History" is enforced.
>
> It has been a while, what are the best tools for recovering recent sites
> visited. Also, if a user is able to clear the history in IE, is there
> still a way to pull up the history?
>
> Thanks!
>
> -Kruptos
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
-- 
Chetan Gupta GCFA, CCNA, CIW Sec. Analyst
Forensic Analyst
NII Consulting Pvt. Ltd.
Email: chetan.gupta@niiconsulting.com
Mobile: +91 9867780965
Web: www.niiconsulting.com
------------------------------------------------------
Online Computer Forensics Magazine
http://www.niiconsulting.com/checkmate
Comprehensive Incident Response and Forensics Services
http://www.niiconsulting.com/services/liveresponse.html
------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Dixon, Wayne: "RE: the best pen-testing live linux distro????"
• Previous message: Dragos Ruiu: "PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)"
• In reply to: kruptos: "Internet Explorer History"
• Next in thread: killy: "Re: Internet Explorer History"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:19 EDT