[Dshield] Forensics and hard drives

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Apr 12 17:06:25 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



12.4.2007 18:05 (UTC+3), Kenneth Coney kirjoitti/wrote:
> Surely Windows keeps an internal record of 
> connections with foreign computers somewhere, but in which file?  

=> index.dat

There is at least one free tool I have heard of (Index.dat Analyzer
v2.0, Supported OS: Win XP, IE 6.0+), by which you can examine the
connections.

For more info, please see http://www.systenance.com/indexdat.php.

(There is a D/L link at the page as well.)

HTH,
Pete


  "There is a great satisfaction in building good tools
                    for other people to use."
    Freeman Dyson (b. 1923); British-born U.S. physicist, author.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGHmcRQ21KCihDnSQRAmh4AJ0ffUzwNQklPQWz7ZHlTZhsKn02dwCggupc
9fB/0qagsqatueepjTfvObs=
=waej
-----END PGP SIGNATURE-----


More information about the list mailing list