[Dshield] Forensics and hard drives

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Mon Apr 16 12:56:57 GMT 2007




12.4.2007 20:06 (UTC+3), Peter Stendahl-Juvonen kirjoitti/wrote:
> 
> 
> 12.4.2007 18:05 (UTC+3), Kenneth Coney kirjoitti/wrote:
>> Surely Windows keeps an internal record of
>> connections with foreign computers somewhere, but in which file?
> 
> => index.dat
> 
> There is at least one free tool I have heard of (Index.dat Analyzer
> v2.0, Supported OS: Win XP, IE 6.0+), by which you can examine the
> connections.
> 
> For more info, please see http://www.systenance.com/indexdat.php.
> 


Kenneth,

Further research in the tool mentioned would suggest that the tool is
very MS oriented. It apparently concentrates on MS IE usage and
apparently MS Outlook (possibly Outlook Express as well) only.

The restrictions have naturally to do with the contents of the index.dat
file.

Therefore, it is not of much use, unless those programs were part of a
vector, when the system possibly connected to another host.

Sorry for the suggestion towards an apparently very limited or very
specific tool.

- Pete


         "In computing, turning the obvious into the useful
          is a living definition of the word 'frustration'."
          Alan Jay Perlis (1922-1990) US computer scientist




