Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[JonArgraig]

Afternoon chaps,

Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.

Any idea's peoples ?

[TheBoy]

Afternoon chaps,

Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.

Any idea's peoples ?

in business environment, f/w logs

in home environment, isps retain a lot, but will only release to authorities....

[Debs.]

Afternoon chaps,

Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.

Any idea's peoples ?

One of the commercial forensic HDD analysis/recovery products would allow you to review all not-yet overwritten data (which may or may not include logs/files/TMP data etc), a tedious job it will be though.....but, if you intend to go down that path; STOP using the machine in question immediately and wait until you have the forensic-software to hand, as any use will risk overwriting the stuff you`ll be interested in.

[JonArgraig]

They have been locked in my office for the last 2 weeks since the staff where removed, any one got any recomedations for a good package to use ?

[JonArgraig]

Afternoon chaps,

Ive been tasked with finding out some one elses net use, there have wiped there cookies, history and faviots ect ect, and the windows event logs for explorer are blank.

Any idea's peoples ?

in business environment, f/w logs

mmm Fire wall logs, thats going to be fun, but cracking idea thanks

in home environment, isps retain a lot, but will only release to authorities....

[Debs.]

They have been locked in my office for the last 2 weeks since the staff where removed, any one got any recomedations for a good package to use ?

Having had experience of working in a 'sensitive-environment'. I have always been really careful about data management and cleansing.

I have used these kind of products to ensure real-world destruction/deletion has taken place, and it has served me well, it is of course equally useful for forensic data recovery.  

http://www.x-ways.net/

[JonArgraig]

Having a go at the FW logs now, looks promissing thanks chaps

[Kevin Wood]

Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.

Kevin

[TheBoy]

Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.

Kevin

Last time we had that done (was for data recovery rather than forensic) it cost about £250k

[Kevin Wood]

Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.

Kevin

Last time we had that done (was for data recovery rather than forensic) it cost about £250k

I'm guessing that was for a bit more than a desktop PC though?

I've had a failed RAID5 array done for about 1K. I'm guessing if you just want specific information they would be reasonable. The guy I used does that kind of stuff for law enforcement so I guess he could probably go straight to the information you need.

Don't know. Might be worth a phone call depoending on how important it is that you find everything and that you don't lose the evidence.

Kevin

[TheBoy]

Depending on importance / budget, there are companies who will take an image of the machine and do all sorts of forensics on it. They will know exactly where to go to save you poking around on the drive for ages too.

Kevin

Last time we had that done (was for data recovery rather than forensic) it cost about £250k

I'm guessing that was for a bit more than a desktop PC though?

I've had a failed RAID5 array done for about 1K. I'm guessing if you just want specific information they would be reasonable. The guy I used does that kind of stuff for law enforcement so I guess he could probably go straight to the information you need.

Don't know. Might be worth a phone call depoending on how important it is that you find everything and that you don't lose the evidence.

Kevin

Yes, it was more than a PC.  Can't say what it was, as it was a very visible thing, and I think the incident is under NDA still.

[JonArgraig]

Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.

I much prefere Roulette logs

[Weds]

but we suspect them of on line gambling,
 

Someone took my debit card  on-line gambling to the tune of £4500 recently and it wasn't me...

[Taxi_Driver]

Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.

I much prefere Roulette logs

The f/w carnt be setup very well if it allows intranet users to access such sites   :-?

[TheBoy]

Mine is a simple humble desktop PC, but we suspect them of on line gambling, well we "know" but need proof going to wait every one has gone home then have a play.

I much prefere Roulette logs

The f/w carnt be setup very well if it allows intranet users to access such sites   :-?

Our place has opened them all up (f/ws are better so can content screen better).  Then its a good way to dismiss people