This is an interesting writeup about methods for doing an investigation of web browsing activity from a forensics standpoint. I would have liked to have seen the authors at least address the fact that they are likely to be working on a mirror of the disc in question. After all, if a non-trained investigator were to follow these instructions to the letter, they would likely wind up "stepping all over the crime scene" and thereby render their results of little use - either to HR or to law enforcement. That being said, the tools and methods they describe are very useful - for example, I've always wondered how to get information out of the index.dat file...
Posted by Ed at March 31, 2005 11:06 AM