As users get redirected to malicious sites all the time, I'm sure it's well 
within the possibility that they could also be redirected to a porn site as 
well via iframes, etc.  

 

Looking through lots of IE-related browser history myself, it's hard to know 
the user's exact intentions, though sometimes it's pretty obvious once you see 
Google search queries, the typed URLs registry key, and such that don't appear 
work related.

 

Might be an opportunity to repeat whatever legit browsing he said he was doing 
and examine your own cache. ;-)

 

-PJ
 


Date: Tue, 3 Nov 2009 12:38:44 -0500
From: [email protected]
To: [email protected]
Subject: [Pauldotcom] A question about browser history

I have a situation at a client's that I would appreciate some help with. An 
employee was flagged as visiting "adult" sites (which is surprising since their 
proxy is not exactly current or well set up), and a quick look at the browser 
history showed traces of this (Firefox 3.5). But in my brief exposure to 
forensics I have been told, "do not look for evidence of guilt or innocence, 
just look for evidence". This employee seems honestly shocked about this and 
swears that he did not do it (even has suggested taking a lie-detector test to 
prove it!) and some of the sites do seem like those that are ad funded and I 
know those can be more than meets the eye. So I have been trying to find out if 
it is possible that he is actually innocent. I have done some reading and 
hidden iframes would explain the proxy traffic but as far as I know, those do 
not show in the browser history (?). I am sure that a pop-up window would not 
have been it either. I admit my web-security-fu is not at a very high level, so 
I would like to ask if anyone knows of a way this could have happened which 
backs up the employee's story or do I just go ahead and assume guilt?

Thanks 
 Dorne
                                          
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
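
One way to check how a history entry was reached, as an added example that is not part of the original thread. It assumes the Firefox Places layout (`moz_places` and `moz_historyvisits` in `places.sqlite`, where `visit_type` records the transition and `from_visit` points at the referring visit); the function names are hypothetical and the rows are constructed sample data in an in-memory database.

```python
import sqlite3

# Places visit_type values (nsINavHistoryService TRANSITION_* constants).
TRANSITIONS = {1: "link", 2: "typed", 3: "bookmark", 4: "embed",
               5: "redirect_permanent", 6: "redirect_temporary", 7: "download"}
AUTOMATIC = {"embed", "redirect_permanent", "redirect_temporary"}

def build_sample_db():
    """Constructed sample rows; on a real case, open a *copy* of places.sqlite."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, hidden INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
            place_id INTEGER, visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES
            (1, 'http://news.example/story', 0),
            (2, 'http://ads.example/frame', 1),
            (3, 'http://adult.example/landing', 0);
        INSERT INTO moz_historyvisits VALUES
            (10, 0,  1, 1257269900000000, 2),  -- typed by the user
            (11, 10, 2, 1257269901000000, 4),  -- embedded content on that page
            (12, 11, 3, 1257269902000000, 6);  -- temporary redirect from the embed
    """)
    return db

def visit_chain(db, visit_id):
    """Follow from_visit back to the origin; return [(url, transition)], oldest first."""
    chain, seen = [], set()
    while visit_id and visit_id not in seen:   # from_visit = 0 means no referrer
        seen.add(visit_id)
        row = db.execute(
            "SELECT p.url, v.visit_type, v.from_visit FROM moz_historyvisits v "
            "JOIN moz_places p ON p.id = v.place_id WHERE v.id = ?",
            (visit_id,)).fetchone()
        if row is None:                        # referring visit expired or deleted
            break
        chain.append((row[0], TRANSITIONS.get(row[1], "unknown")))
        visit_id = row[2]
    return chain[::-1]

def classify(chain):
    """Describe the last hop only: was it typed/bookmarked, clicked, or automatic?"""
    if not chain:
        return "unknown"
    last = chain[-1][1]
    if last in ("typed", "bookmark"):
        return "user-initiated"
    return "automatic" if last in AUTOMATIC else "followed-link"
```

The chain shows only what the history database recorded; a broken chain (expired or cleared visits) yields a shorter list, not proof either way.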
