[Dshield] Forensics and hard drives
peter.stendahl-juvonen at welho.com
Mon Apr 16 12:56:57 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
12.4.2007 20:06 (UTC+3), Peter Stendahl-Juvonen wrote:
> 12.4.2007 18:05 (UTC+3), Kenneth Coney wrote:
>> Surely Windows keeps an internal record of
>> connections with foreign computers somewhere, but in which file?
> => index.dat
> There is at least one free tool I have heard of (Index.dat Analyzer
> v2.0, Supported OS: Win XP, IE 6.0+), by which you can examine the
> For more info, please see http://www.systenance.com/indexdat.php.
Further research in the tool mentioned would suggest that the tool is
very MS oriented. It apparently concentrates on MS IE usage and
apparently MS Outlook (possibly Outlook Express as well) only.
The restrictions have naturally to do with the contents of the index.dat
Therefore, it is not of much use, unless those programs were part of a
vector, when the system possibly connected to another host.
Sorry for the suggestion towards an apparently very limited or very
- - Pete
"In computing, turning the obvious into the useful
is a living definition of the word 'frustration'."
Alan Jay Perlis (1922-1990) US computer scientist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----