View or parse contents of index.dat history file

Chris Guynn

I am the network administrator for a police department and we have recently
discovered at least one case of improper internet usage. My chief has
requested that I audit the entire department to see if this was a single
instance of impropriety, or if the problem is more widespread than that. I
feel that the easiest / least obvious way of doing this is by going through
the user profiles that are stored on one of our servers and parsing the
index.dat files. How would I go about doing this? I've found a few 3rd
party programs that will allow me to view the index.dat of the currently
logged on (local) user, but have yet to find anything that will allow me to
parse (and/or print) the index.dat information for other users. I did a
groups.google search before posting this and found many people with similar
questions which never seemed to be answered. Does anyone have any
information that could be useful in my circumstances?

I would prefer a response through this newsgroup, but if you want to contact
me directly, I can be reached at
(e-mail address removed)-spring.tx.us.PleaseNoSpam just remove the
..PleaseNoSpam.

--
C Guynn

"I cannot undertake to lay my finger on that article of the Constitution
which granted a right to Congress
of expending, on objects of benevolence, the money of their
constituents...." --James Madison
 
I have not tried it myself but if you have not tried it already Foundstone has a free
tool called Pasco that may help. Keep in mind that unless you have strict controls
concerning user access to computers and auditing of user logons and logoffs, you are
going to have a hard time proving who actually did the improper usage. Often people
who do such activity do it on a coworker's computer that they did not lock/logoff of
or even an unauthorized computer on the network such as a laptop. Something like ISA
server would be much better at controlling and tracking internet usage. --- Steve

http://www.foundstone.com/index.htm...ation.htm&subcontent=/resources/freetools.htm
--- Pasco.
http://www.microsoft.com/isaserver/ --- what ISA does,
 
Steven L Umbach said:
I have not tried it myself but if you have not tried it already Foundstone has a free
tool called Pasco that may help. Keep in mind that unless you have strict controls
concerning user access to computers and auditing of user logons and logoffs, you are
going to have a hard time proving who actually did the improper usage. Often people
who do such activity do it on a coworker's computer that they did not lock/logoff of
or even an unauthorized computer on the network such as a laptop. Something like ISA
server would be much better at controlling and tracking internet usage. --- Steve

http://www.foundstone.com/index.htm...ation.htm&subcontent=/resources/freetools.htm
--- Pasco.
http://www.microsoft.com/isaserver/ --- what ISA does,

Thanks. It's a little cumbersome, but it works pretty well. Unfortunately,
the information I want is not part of the roaming profile, so I will have to
connect to each computer separately to run the tests, but it is definitely a
step in the right direction. We aren't looking to prosecute anyone, just to
see if this is a problem that warrants upgraded procedures for detection, so
proving who did it isn't really that big of a problem. I do appreciate the
heads up though and will definitely investigate ISA server much more
closely.

Chris
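
As an added illustration (not part of the thread and not Pasco's code), here is a minimal Python reader that can be pointed at a copy of any profile's index.dat rather than only the logged-on user's. The record offsets are assumptions based on the commonly documented version 5.2 cache layout, `build_sample` is a hypothetical helper, and the sample record is constructed.

```python
import struct
import sys
from datetime import datetime, timedelta, timezone

BLOCK = 0x80                                  # records are allocated in 128-byte blocks
MAGIC = b"Client UrlCache MMF Ver 5.2\x00"    # header signature of the 5.2 format
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime(raw):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601) to UTC; None if unset."""
    return EPOCH + timedelta(microseconds=raw // 10) if raw else None

def parse_index_dat(data):
    """Return (url, last_modified, last_accessed) for every URL record found."""
    if not data.startswith(MAGIC):
        raise ValueError("not a version 5.2 index.dat")
    entries, pos = [], 0
    while pos + 0x38 <= len(data):
        sig, nblocks = struct.unpack_from("<4sI", data, pos)
        end = pos + nblocks * BLOCK
        if sig == b"URL " and nblocks and end <= len(data):
            # Assumed layout: modified at +0x08, accessed at +0x10, URL offset at +0x34
            modified, accessed = struct.unpack_from("<QQ", data, pos + 8)
            (url_off,) = struct.unpack_from("<I", data, pos + 0x34)
            if 0x38 <= url_off < end - pos:   # ignore records with a corrupt offset
                raw_url = data[pos + url_off:end].split(b"\x00", 1)[0]
                entries.append((raw_url.decode("latin-1"),
                                filetime(modified), filetime(accessed)))
            pos = end                         # skip the whole record
        else:
            pos += BLOCK                      # header, REDR, HASH or free block
    return entries

def build_sample(url_off=0x38):
    """Constructed two-block file (header + one URL record); not real evidence."""
    ticks = 127173888000000000                # 2004-01-01 00:00:00 UTC as FILETIME
    rec = struct.pack("<4sIQQ", b"URL ", 1, ticks, ticks).ljust(0x34, b"\x00")
    rec += struct.pack("<I", url_off)
    rec += b"Visited: jdoe@http://intranet.example/page.html\x00"
    return MAGIC.ljust(BLOCK, b"\x00") + rec.ljust(BLOCK, b"\x00")

if __name__ == "__main__":
    # Usage: script.py <copy of index.dat> [more copies ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for url, modified, accessed in parse_index_dat(fh.read()):
                print(path, accessed, url, sep="\t")
```

Run it against copies of the files, not the live profile, so the access times on the originals are not disturbed.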
 