What I would first do : )Throughly inspect the S computer mainly the browser favorites ,Cookies,history,typed URL,Temporary Internet Files,History,Cache using the following tools like Cache auditor ,InternetCache monitor for IE and Web Cache illuminator for Firefox.
2)Check for the sent,recieved or compose emails in the cache to prove that S only viewed the mail but did not sent it. 3)Other way would be showcasing demos like how can you forge the header and make innocent a culprit. or a DNS poising attack. Rgs AK On 5/30/07, Flavio Silva <[EMAIL PROTECTED]> wrote:
Thank you for your answer Glenn! On 5/29/07, Glenn Dardick <[EMAIL PROTECTED]> wrote: > Assuming, S used Internet Explorer, you might want to look at the INDEX.DAT and Cache files within the Temporary Internet Files folder. It might show when Hotmail was accessed (in the INDEX.DAT) as well as what was on those pages (in the Cache). If S was composing email on Hotmail at 16:20 that would be bad. If S was not composing and did not even access Hotmail at that time, that would be good - assuming you are the defense of course. Yes, I am a technical advisor of the defence counselor. This is a good idea. I did not have access to the machines nor to the disks. I am asking to visit S to explore his computer. Thank you again. Regards Flavio
