Are you talking about one ore two violations or 2 or 4 hours worth of porn surfing? Does the machine have malware on it? There have been a few cases of malware doing http gets on porn sites.
On Tue, Nov 3, 2009 at 9:38 AM, Dorne Mabais <[email protected]> wrote: > I have a situation at a client's that I would appreciate some help with. An > employee was flagged as visiting "adult" sites (which is surprising since > their proxy is not exactly current or well setup), and a quick look at the > browser history showed traces of this (firefox 3.5). But in my brief > exposure to forensics I have been told, "do not look for evidence of guilt > or innocence, just look for evidence". This employee seems honestly shocked > about this and swears that he did not do it (even has suggested taking a > lie-detector test to prove it!) and some of the sites do seem like those > that are ad funded and I know those can be more then meets the eye. So I > have been trying to find out if it is possible that he is actually innocent. > I have done some reading and hidden iframes would explain the proxy traffic > but as far as I know, those do not show in the browser history (?). I am > sure that a pop-up window would not have been it either. I admit my > web-security-fu is not at a very high level, so I would like to ask if > anyone knows of a way this could have happened which backs up the employee's > story or do I just go ahead and assume guilt? > > Thanks > Dorne > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
