Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: JonArgraig on 14 April 2008, 18:43:10
-
Afternoon chaps,
Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.
Any idea's peoples ?
-
Afternoon chaps,
Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.
Any idea's peoples ?
in business environment, f/w logs ;)
in home environment, isps retain a lot, but will only release to authorities....
-
Afternoon chaps,
Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.
Any idea's peoples ?
One of the commercial forensic HDD analysis/recovery products would allow you to review all not-yet overwritten data (which may or may not include logs/files/TMP data etc), a tedious job it will be though.....but, if you intend to go down that path; STOP using the machine in question immediately and wait until you have the forensic-software to hand, as any use will risk overwriting the stuff you`ll be interested in.
-
They have been locked in my office for the last 2 weeks since the staff where removed, any one got any recomedations for a good package to use ?
-
Afternoon chaps,
Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.
Any idea's peoples ?
in business environment, f/w logs ;)
mmm Fire wall logs, thats going to be fun, but cracking idea :) thanks
in home environment, isps retain a lot, but will only release to authorities....
-
They have been locked in my office for the last 2 weeks since the staff where removed, any one got any recomedations for a good package to use ?
Having had experience of working in a 'sensitive-environment'. I have always been really careful about data management and cleansing.
I have used these kind of products to ensure real-world destruction/deletion has taken place, and it has served me well, it is of course equally useful for forensic data recovery. ;)
http://www.x-ways.net/
-
Having a go at the FW logs now, looks promissing thanks chaps
-
Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.
Kevin
-
Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.
Kevin
Last time we had that done (was for data recovery rather than forensic) it cost about £250k
-
Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.
Kevin
Last time we had that done (was for data recovery rather than forensic) it cost about £250k
I'm guessing that was for a bit more than a desktop PC though?
I've had a failed RAID5 array done for about 1K. I'm guessing if you just want specific information they would be reasonable. The guy I used does that kind of stuff for law enforcement so I guess he could probably go straight to the information you need.
Don't know. Might be worth a phone call depoending on how important it is that you find everything and that you don't lose the evidence.
Kevin
-
Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.
Kevin
Last time we had that done (was for data recovery rather than forensic) it cost about £250k
I'm guessing that was for a bit more than a desktop PC though?
I've had a failed RAID5 array done for about 1K. I'm guessing if you just want specific information they would be reasonable. The guy I used does that kind of stuff for law enforcement so I guess he could probably go straight to the information you need.
Don't know. Might be worth a phone call depoending on how important it is that you find everything and that you don't lose the evidence.
Kevin
Yes, it was more than a PC. Can't say what it was, as it was a very visible thing, and I think the incident is under NDA still.
-
Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.
I much prefere Roulette logs :(
-
but we suspect them of on line gambling,
:(
Someone took my debit card on-line gambling to the tune of £4500 recently and it wasn't me...
-
Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.
I much prefere Roulette logs :(
The f/w carnt be setup very well if it allows intranet users to access such sites :-?
-
Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.
I much prefere Roulette logs :(
The f/w carnt be setup very well if it allows intranet users to access such sites :-?
Our place has opened them all up (f/ws are better so can content screen better). Then its a good way to dismiss people ;)
-
Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.
I much prefere Roulette logs :(
The f/w carnt be setup very well if it allows intranet users to access such sites :-?
It's one of our customers sites we support...
So blocking it's not a option, unlike facebook, why the hell no one's blocked I'm gob smacked
-
did you have a word, Jon
-
Yup, I'm in full on arsehole mode at the moment
-
Digging around - surprising what can be found with FF.EXE - lets say I am a little happy they were caught but disappointed at the sentence.
BTW I suggested FF someone else found the evidence, personally I would have just killed the person rather than report to Police.
Unsavoury stuff found - not saying any more in forum PM if interested
-
Right chaps I'm not having much luck here, tried the index.dat and thats bare...
if any one has the time could you hit me up on yahoo or msn instant messengers
guvnorrbm (yahoo ID)
guvnorrbm "at" msn.com (MSN ID)
-
Not an expert by any sense mate but shouldn't you be moving the HD into another machine and imaging it before you corrupt anything you might need?
-
Not an expert by any sense mate but shouldn't you be moving the HD into another machine and imaging it before you corrupt anything you might need?
Already done :)
-
Just like to say thanks to you all, and thanks to martin for the PM.
Didn't find what I was hoping for but found enough "other" stuff to warrent a p45
-
Do, tell, what were they doing? if you can. :)
-
Just found there MSN/Yahoo chat logs where the 3 people in question are talking about
a) what they did
b) How they could hide it
c) How they wont get caught
I laughed... hard...
-
Do you mean company sabotage or just pratting about? :) In company time. :(
-
Dicking around, creating fake jobs in queing system to boost there stats for bonus time, downing, on line gambling, crap taste in music etc etc
-
Dicking around, creating fake jobs in queing system to boost there stats for bonus time, downing, on line gambling, crap taste in music etc etc
Is that a sackable offence these days......
I'll get me coat and personal stuff ;)
-
Dicking around, creating fake jobs in queing system to boost there stats for bonus time, downing, on line gambling, crap taste in music etc etc
Is that a sackable offence these days......
I'll get me coat and personal stuff ;)
Aqua... Barbie girl...
They should be shot
-
Dicking around, creating fake jobs in queing system to boost there stats for bonus time, downing, on line gambling, crap taste in music etc etc
Is that a sackable offence these days......
I'll get me coat and personal stuff ;)
Aqua... Barbie girl...
They should be shot
Shootings too good for em. ;D