Google History

Viewing 11 reply threads
  • Author
    Posts
    • #2260
      mambo
      Participant

      Hi Guys,
      I need a hand. My boss has approached me to have a look at one of the computers at work because someone has been searching some pretty obscene and disgusting things on google. They still appear in the google toolbar in Internet Explorer when you press down to see the recent searches.
      my questions is, is there a way of finding out the date and time of these searches as to narrow down to who it could possibly be.

      I was thinking it should be stored in cookies, but they may have deleted them.

      Any help or input would be awesome!

      Regards

      Craig

    • #17180
      Marshel007
      Participant

      go to the following path:

      C:Documents and SettingsLocal SettingsHistory

      and search there for the “pretty obscene and disgusting things” and you’ll find them and there Date.

      If they were already deleted try to use a program (EnCase for instance)  to see what has been deleted lately.

    • #17181
      shawal
      Participant

      Mambo,

      First you need to tell your boss depending on your situation  to get the approval to do so from the legal authority in your company, that is if you do have such a thing, or at least HR department if you do have this department too.

      As by doing so you might be violating the employee privacy even if its against company policy to do so.  and i do hope that you do have a policy in place that states so, and defines what is obscene or not obscene.

      now technically if you are running a proxy which you should have, then these will be in the proxy logs anyhow, and I hope if you are runing a proxy that people do authenticate to it so you can narrow it down to a person, and place (ip) and date.

    • #17182
      iSmith
      Participant

      if you need to, there is freeundelete by office recovery. it is an essential tool and you should have it.

    • #17183
      mambo
      Participant

      A bit more info then;

      I’m currently studying I.T at college and off to study Computer security at uni in september. I work part time for an estate agents when im not at college.
      This therefore makes me the ‘I.T Guy’.

      I have to show them everything they don’t know how to do.

      So our office is only small. None of the computers are passworded or anything of such so it would be easy for someone to search such content on someone elses computer. Because the boss regularly checks the history to see what everyone is looking at, everyone deletes their history.
      This give me the problem of the history being deleted, but the google searchs still there

      This person has blamed a former employee for the searches, but the former employee left 10 months ago. my first reaction was…well it wont store 10 months of searches. And secondly the hard drive was reformatted when he left…defiantly no data left.

      So i have been asked to look into weather i can date the searches.

      Which is when i turn to you rather useful and friendly fountains of knowledge for my help.

      Thank you very much for your help so far. I am not working again until Saturday, when i will be looking into this, so anymore input up until then would be fantastic.

      Thanks again!

      Craig

    • #17184
      eth3real
      Participant

      If the user has an iGoogle account, you can try to check the Web History in iGoogle.

    • #17185
      Marshel007
      Participant

      you can still recover deleted history files even if the hard drive was formated  but if The files were overwritten by some wiping algorithm  (Like Dod-5200.28 or Gutmann_method) then you can’t recover them.

    • #17186
      shawal
      Participant

      what you are refering to above is the autocomplete enteries not the history.
      I do not know how ie stores this, or where it stores this. most likley google would know that. however  I stumbled upon this program to import and export these enteries among IE passwords that might prove useful, i have not tried it, nor do i have a use of it at least yet. use with caution, and research it first

      http://www.rixler.com/internet_explorer_password_revealer.htm

      HTH

      W.

    • #17187
      Bogwitch
      Participant

      I am not a lawyer.

      If there are no passwords on the systems, I seriously doubt you have any chance of proving who was responsible. There is a world of difference between suspecting and proving in a court of law.

      If the material was of an illegal nature you should call in the police. Failure to do so makes you and your company complicit. The more the information is examined, the more the evidence is corrupted. If the material is illegal, call the police immediately. I’m sure if your perpetrator is still working at the company, having the police take a computer away for forensic examnination will, at least, stop them from viewing such material.

      This would also be an ideal opportunity to suggest to your company that they need to take the security of their systems seriously. I’m sure they have customer data on these computers and I doubt they would continue to be happy customers if they were aware of how their information was being handled.

      I do not know which country you are from and the laws concerning indecent material vary from county to country as do the laws concerning computer misuse and investigation.

      I am not a lawyer but if you are in England or Wales, I can provide you with the advice you need from a legal perspective. If not, consult a lawyer and probably even if you are in England or Wales!

      Did I mention I am not a lawyer?

    • #17188
      mambo
      Participant

      Cheers for the help so far!

      In regards to the content, I don’t believe it is illegal, i just guess some people like certain things others dont.

      its not a legal issue, just something people should really not be looking at at work

      In regards to narrowing it down to the people involved, if the date is closer than 9 months, it will narrow it down substantially.

      To Shawal:

      Cheers for the link! i will check it out when im on the office!

      Thanks again guys

    • #17189
      Data_Raid
      Participant

      You could always install an Anonymous Proxy and track usage via the IP Address.

      What about your policies at work/school, do you have any policies in place that employees are forced to sign it terms of company equipment usage?
      What I’m getting at is it might be fine to state that the material the employee is viewing might be inappropriate, it’s whether the employee has had fair warning and has agreed to the terms of company equipment usage that has been signed and agreed to.

    • #17190
      SynJunkie
      Participant

      are there any proxy server logs or web filter logs that you can cross reference the sites through. that may help you place the individual at the PC at the time.

      Whats also useful if you do have logs is looking at what else the  IP did at about the same time.  did the IP visit a myspace page or a gmail account at the same time? if so can you tie some activity to an individual.

      One tool I would like to suggest is RegRipper by Harlan Carvey. Its a brand new tool and I’m yet to give it a good run-through yet, but it might help with the visited Urls. Look on sourceforge for it.  And please give Harlan feedback on bugs etc…

      Regards

      SynJunkie

Viewing 11 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?