Re: [SAGE] Internet History tool
Here are some snippets from emails on various lists to which I've
subscribed - I've made no effort at attribution, nor have I checked
the links, but you'll probably find some of them useful.
Of course, I know that one of your recommendations to them will be to
put up a caching web proxy with authentication for future use.
Kurt
---------------------------------------------------------------------------------------
See the web browser history log check recommendations here:
http://www.perverted-justice.com/guide/?pg=parents
---------------------------------------------------------------------------------------
Part 1: Focuses on Internet Explorer
http://www.securityfocus.com/infocus/1827
Part 2: Focuses on Firefox
http://www.securityfocus.com/infocus/1832
---------------------------------------------------------------------------------------
==== 1. In Focus - Browser History: What Happened? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Occasionally, you might need to trace a user's Web-browsing path.
Manual forensic analysis, which involves digging through cookie files,
the browser's cache, and browser history data, isn't easy.
For a good rundown on forensic analysis of browser activity, you should
consider reading "Web Browser Forensics, Part 1," by Keith J. Jones and
Rohyt Belani of Red Cliff Consulting. The article, published on the
SecurityFocus Web site, offers a brief usage overview of some very
useful tools: in particular, Pasco, Internet Explorer History Viewer,
Web Historian, and Forensic Toolkit.
http://list.windowsitpro.com/t?ctl=87E4:4FB69
Pasco is an open-source tool that can be used to reconstruct browser
use from Microsoft Internet Explorer's (IE's) index.dat files. The
files contain data such as which URLs were visited and when. Pasco is a
command-line tool that creates a text-based output file.
http://list.windowsitpro.com/t?ctl=87E7:4FB69
Internet Explorer History Viewer, available from Phillips Ponder, has
been around for a while. It too can reconstruct IE usage and has the
added benefits of being able to read Netscape history data and find
fragments of deleted files in the Windows Recycle Bin. IE History costs
$50.
http://list.windowsitpro.com/t?ctl=87E2:4FB69
The free Web Historian, provided by Red Cliff Consulting, is more
powerful than the previous two tools. It can help you analyze the
historic usage of Internet Explorer, Mozilla, Firefox, Netscape, Opera,
and Apple Computer's Safari.
http://list.windowsitpro.com/t?ctl=87D7:4FB69
Forensic Toolkit (FTK), from AccessData, is the most powerful of the
bunch, and at $995, it better be. It too can reconstruct browser use
history, but it's also billed as a tool that can perform "complete and
thorough forensics examinations." Among other tasks, Forensic Toolkit
can index entire drives, allows quick text searches, and supports more
than 270 file types.
http://list.windowsitpro.com/t?ctl=87DE:4FB69
---------------------------------------------------------------------------------------
On 1/5/07, Aaron Bridge <a.bridge@insightbb.com> wrote:
> I will be going to a company who wants me to look on all their users'
> computers to see what websites they have been accessing on the Internet.
> Yes, I could do this by looking in History and Temporary Internet
> Files. Does anyone know of any "tools" or other ideas that will make
> this task easier and more thorough?
>
> I should mention these are Windows XP SP2 workstations.
>
> Thanks,
> Aaron
>