How to remove all traces of pornography from a work related computer system

[John Barnett MVP]

Simply reformatting or fdisking your hard drive will 'not' remove the
evidence. Even after a reformat it can still be recovered using forensic
software such as EnCase.

 

[Alias]

How about after writing zeros to the drive?
--
Alias

Use the Reply to Sender function of your news reader program to email me.

: Simply reformatting or fdisking your hard drive will 'not' remove the
: evidence. Even after a reformat it can still be recovered using forensic
: software such as EnCase.
:
: --
: John Barnett MVP
: Associate Expert
: http://freespace.virgin.net/john.freelanceit/index.htm
: : >
: > Stuart,
: >
: > Yddap has the most correct answer though people claim (I quite sure)
they
: > can still recover data after an FDISK and reformat. For now, log onto
your
: > machine (from a reboot) in an administrator's account other than your
own.
: >
: > Go to,
: >
: > rootdrive\Documents and Settings\username\Cookies
: > Delete all from here especially Index.dat file,
: >
: > rootdrive\Documents and Settings\username\Local Settings\History
: > Delete all sub entries except desktop.ini,
: >
: > rootdrive\Documents and Settings\username\Local Settings\Temporary
: > Internet
: > Files\Content.IE5
: > Delete all from here especially Index.dat file,
: >
: > From Internet Explorers' settings clear history that appears in its'
: > search
: > bar.
: >
: > Via google get a trial version of Vopt defrag program, defrag your disk
: > and
: > then use the tool that performs I think it was 21 deletes over the
: > 'unused'
: > or unreferenced space on the disk, may take a few years to complete the
: > delete operation.
: >
: > This will stop the scratch the surface investigator, but like I've read,
: > if
: > someone wants to go deep they will find something..
: >
: > There are also 3 party tools that will do all of the above.
: >
: > Regards,
: > Winux P
: >
: > Happy and safe New Year Newgroup...
: >
: > : > :
: > : : > : >I would like to know what is needed to be done in order to remove all
: > : >traces of legal pornography from a computer system. I do mean 100%
: > remove
: > : >as in nobody can find any traces of it.
: > : >
: > : >
: > : >
: > :
: > : 100% answer --- "reformat and reload " at least
: > : --
: > :
: > : Yddap
: > : Remove guts to reply
: > :
: > :
: >
: >
:
:

 

[Leythos]

How about after writing zeros to the drive?

You need to low-level wipe the drive and then write a series of hex
values to each sector a number of times. When I wipe drives before
donating systems I use a DOD spec app and run them about 32 times.

 

[Alias]

: In article <[email protected]>, (e-mail address removed)
: says...
: > How about after writing zeros to the drive?
:
: You need to low-level wipe the drive and then write a series of hex
: values to each sector a number of times. When I wipe drives before
: donating systems I use a DOD spec app and run them about 32 times.
:
: --
: --
: (e-mail address removed)
: (Remove 999 to reply to me)

Wow, that's a lot.

 

[Jim]

How about after writing zeros to the drive?

Traces of previous data still exists in the drive. Some have claimed to be
able to read 9 layers deep.
Jim

 

[Alias]

:
: : > How about after writing zeros to the drive?
: > --
: > Alias
: Traces of previous data still exists in the drive. Some have claimed to
be
: able to read 9 layers deep.
: Jim

I guess that leaves running over it with a mack truck to be absolutely sure.
--
Alias

Use the Reply to Sender function of your news reader program to email me.


:
:

 

[_Vanguard_]

:
: : > How about after writing zeros to the drive?
: > --
: > Alias
: Traces of previous data still exists in the drive. Some have
claimed to
be
: able to read 9 layers deep.
: Jim

I guess that leaves running over it with a mack truck to be absolutely
sure.

Businesses that want to ensure no data ever gets discovered from any
hard disks they discard will shred them (open the case, shred the
platters). That's one shredder I don't want my tie getting stuck in!

 

[Terry]

I would like to know what is needed to be done in order to remove all traces
of legal pornography from a computer system. I do mean 100% remove as in
nobody can find any traces of it.

Your employer's IT department will be able to help you with that.
Right after they escort you to the H.R. department.
[/QUOTE]

Did Stuart ever say it was a work computer? I don't think so.

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Bruce Chambers]

Did Stuart ever say it was a work computer? I don't think so.

Actually, he did. Didn't you read the subject line of the post?

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Terry]

Did Stuart ever say it was a work computer? I don't think so.

Actually, he did. Didn't you read the subject line of the post?
[/QUOTE]

Sorry. I read through his whole post and didn't see it. And my Subject
width cut off after "from".

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Carpe Diem]

What business is that of yours to ask?

The OP first said it was a company computer, now the descriptor has
changed to "my computer". I would like to know as well... What are you
doing installing or downloading anything pornographic on a 'work'
computer?

 

[Vanguard]

The OP first said it was a company computer, now the descriptor has
changed to "my computer". I would like to know as well... What are you
doing installing or downloading anything pornographic on a 'work'
computer?

--
the JarHead

There are 10 types of people in the world; those who understand
binary, and those who don't.

I bet the OP also doesn't realize that his company might be sniffing his
traffic and already know about his lascivious and definitely non-work
related activities on company time. Their just waiting until he has
used up their tolerance, or they just lost their tolerance and told him
to clean up and do only work at work.

We had guy that was downloading a huge amount of this porn crap on a
company computer using company resources while getting paid by the
company. I talked to my boss about it (because the guy wasn't getting
his work done and I had to share this computer) and he already knew
about it, already talked to the guy a couple times to warn him, but
eventually his continued violation of company policy exceeded the boss'
tolerance, especially when the joker starting making hardcopies and
wasting toner and paper on this garbage. He got to see new people,
visit new places, and have new adventures. He got fired. I then had to
pull all the company data from his computer and then wipe the computer.
Yeah, on occasion I'm not against looking at some naked pretty women but
the stuff this guy had on the disk was just tasteless and gross. I
didn't even want to sit in his chair, if you get my meaning. I couldn't
absolutely declare that any of it was illegal, like kiddy porn, but it
was definitely nothing a company wants on their computers (and probably
not even porn companies since they want business stuff on their business
computers).

The OP's gotten enough suggestions on how to cover his butt regarding
how to eradicate the non-work related crap he put on the company
computer, maybe after realizing he could lose his job over this.
However, it doesn't necessarily wipe the trail of evidence if he was
using the corporate network to get it.

 

[Guest]

The IT Department would more than likely in this case have some form of proxy
server in place, be this a linux box, Microsoft ISA server or another vendor.

Unfortunately, I should have to warn that no matter WHAT you do on your
client computer, there are steps in the chain between you and the porn site
that you have NO control over.

Corporate IT Departments learnt long ago that people can do this, as have
the 15 year old students from the school I used to work at.

Therefore they can (and quite often DO) monitor your internet traffic
without you even knowing. Read your contract very carefully, look over any
Internet / Computer user agreements you may have (and don't go asking the
guys in HR as this will flag massive warning signals to them) and see what is
considered "Acceptable Use."

There are logs at your proxy / internet gateway that keep track of who is
doing what. The net admin may have it set at verbose (meaning it logs every
web site visit) or based on keywords such as Breast naked etc.

If key words such as "Breast" come up, they will often be compared to the
surrounding text when they look at the URL. eg. Breast Cancer would be legit
wheras Big Breasted Bikie Girls would not.

Unless you ARE the network admin or your network admin has not configured
this (unlikely you can find out without trial and error resulting in
unemployment) you will have no real way of finding this out.

My advice would be:
1.) Update your resume
2.) Learn from the experience
3.) Create an "alibi" and stick to it...
4.) Install some form of software like Gator and other spyware / adware /
malware programs that will hijack your browser. This is not recommended, but
if it sets your homepage to "Teenporn.com" then figure it out, then the
possibility of you having "mistakenly" gone to a dodgy site on more than one
occasion would increase tenfold. Go tell IT that something nasty is going on
with your computer. They will remove it and this is probably your best option
to cover your backside.
5.) LEARN FROM THE EXPERIENCE