Resources

CGM Systems, Inc. - Technology Consulting since 1988
(All information is provided as-is and without warranty. You assume all risk for its use.)

Basic Computer Forensics

There are times when you have a legitimate need to determine how a computer is being used. There are some simple things you can do that will give you a fairly good idea of how someone is using a particular machine.

We should preface this by saying that this information can be used for good or evil purposes. Also, you should be aware of any applicable federal, state or local laws regarding privacy.

There are times when there is a legitimate need to investigate computer use. An employer might suspect an employee of theft, surfing porn (which can lead to a lawsuit against the employer) or other illegal activity.

Bypassing login passwords.

Employers should always be able to access a machine. If you are using XP, you should create an account for the user that is not the administrator account. Then you will be able to use the Administrator account to browse the hard drive.

Search

You can see a pretty good history of how the machine was used by doing a Start, Search, All files and folders. Change the dates to the last two days and then search. When you get the list of files, you can sort the list by date or file type by clicking on the column titles.

The Recycle Bin

  • Double-click on the Recycle Bin. That will open it and allow you to restore files that have been recently deleted.

Internet Explorer.

  • Open Internet Explorer and click on the down arrow button next to the address box. You will see some of the sites visited.

  • Click on the history button. That is a green button with an arrow pointing downward. If the history is not wiped out, it will show you some of the recent sites visited.

  • Check the favorites for any evidence of proxy or anonymous surfing sites. If you can't log in as the user, you can find the favorites folder by logging in as an Administrator and going to C:\Documents and Settings\[username]\Favorites. Anonymous surfing at work is usually a bad indicator.

My Documents

Simply go to Start, My Documents, and see what files have been used recently.

Disk Exploration

Warning - be careful with this. It is possible to move or delete critical system files if you are not careful.

There are a number of places where you can look to see if there is any indication of misuse of a machine. Start by opening My Computer. In some cases you will get a warning asking if you really want to view the files. In this case, you should say 'yes'.

  • In My Computer, go to Tools, Folder Options, View, and enable:

    • Show hidden files and folders

    • Display the full path in the address bar

    • Display the contents of system folders

  • C:\Windows\Temp - Locate this folder. There will probably be two subfolders, among others, called Cookies and Temporary Internet Files. Look in the Cookies folder. Inappropriate sites will often set a cookie. Be aware that it is possible for cookies to be set without the user doing anything wrong. Look in the Temporary Internet Files folder. Go into Content.IE5 and then into any of the folders listed there. Do a View, Thumbnails. Look for any evidence of inappropriate images or files.

  • C:\Documents and Settings\[username]\Local Settings. There you will find another Temporary Internet Files folder. Look in there for any inappropriate files.
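The Search step and the folder checks above can also be done without opening, moving or deleting anything. The script below is an added example, not part of the original page: it reads file metadata only and lists what changed in the last two days, newest first, with a tally by file type. The function names and the sample folder are constructed for illustration; on a real machine you would pass a folder such as C:\Documents and Settings\[username] as the root.

```python
import os
import tempfile
import time

def recent_files(root, days=2, now=None):
    """Return (mtime, extension, path) for files under root modified in the last
    `days` days, newest first. Reads metadata only; nothing is opened or changed."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda e: None):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip it, do not abort the scan
            if st.st_mtime >= cutoff:
                ext = os.path.splitext(name)[1].lower() or "(none)"
                hits.append((st.st_mtime, ext, path))
    return sorted(hits, reverse=True)

def count_by_type(hits):
    """Tally hits per extension, the equivalent of sorting the list by file type."""
    counts = {}
    for _mtime, ext, _path in hits:
        counts[ext] = counts.get(ext, 0) + 1
    return counts

def build_sample_tree():
    """Constructed sample data standing in for a user profile folder."""
    root = tempfile.mkdtemp(prefix="profile_sample_")
    now = time.time()
    samples = {"report.doc": 1, "holiday.jpg": 0.5, "old_notes.txt": 30,
               os.path.join("Temporary Internet Files", "banner.jpg"): 0.1}
    for rel, age_days in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
        os.utime(path, (now - age_days * 86400,) * 2)  # set access and modify time
    return root

if __name__ == "__main__":
    hits = recent_files(build_sample_tree())
    for mtime, ext, path in hits:
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), ext, path)
    print(count_by_type(hits))
```

Run it from the Administrator account and save the output to a different drive, so the listing itself does not add new files to the folders being examined.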

Installed Programs

Go to Start, Control Panel, Add and Remove Programs. Look for games and other software that should not be installed.

Run an anti-spyware application - Run Ad-Aware or Spybot. Quite often, a large number of spyware apps is indicative of misuse of the internet at work.

Wallwatcher

You can download WallWatcher for free. Install it on your computer. It will allow you to get a pretty good idea of how the internet is being used.

Norton Internet Security

If you have the Norton Firewall running on the machine, you can use that to see what is being accessed on the internet. Open NFW and go to statistics, view logs. There is a lot of information there about how the computer has accessed the Internet.

Conclusion

The tips above will catch most casual abusers. Remember to stay within the law with these techniques. Be sure that you have a policy in place that asserts your right to monitor computer usage.

 

 

Copyright 2003, 2004, 2005
by CGM Systems, Inc


 


Last modified:  11/10/06