Transcript Slide 1

Internet Profile/History
What have YOU been doing on the Web?
• Search strings are saved FOREVER
• Google, Yahoo and MSN are saved forever
» Gov subpoenas
• Web sites visited
• Stored in index.dat files
• These files are everywhere
• Search strings also stored
18/07/2015
1
Personal Information
● Personally Identifiable Information
● Casual Information
● Persistence
● Location
● Discovery
Personal Information
● Personally Identifiable Information
● Is any piece of information which can potentially be used to uniquely identify,
contact, or locate a single person.
● http://en.wikipedia.org/wiki/Personally_identifiable_information
● Name, SSN, Address
● Phone, Credit card, Bank account numbers
● Driver’s license, DoB, PoB
● E-mail address
● Face, fingerprints, handwriting, DNA, iris
18/07/2015
3
Personal Information
● Other Personal Information
● Medical records
● Criminal records
● Military records
● Age
● City, county or State of residence
● Approximate age
● Gender/race
● Grades, salary, or job position
18/07/2015
4
Casual Information
● Location
– GPS, cell tower, etc.
– Purchase history
– Travel history
– Video rentals, library record
– Surveillance photos
– Internet activity
– IM, e-mail
18/07/2015
5
Information Collection
•
•
•
•
•
Purchases at Costco, Safeway, etc.
Credit card purchases
Web searches, visits
Web purchases
Public databases
• County records available for $29.95
• Credit card processors
18/07/2015
6
The Internet Never Forgets
• All of your activity on the net is cached and
stored
• Backups
• Web site backups
• Beware of Social Networking Sites
•
•
•
•
18/07/2015
Job Due Diligence
You are everywhere
Stuff can be deleted from easy view
But it is part of the Web history
7
It Never Goes Away
● It is public
● It can and will be used against you
● MySpace.com
● YouTube.com
● SecondLife.com
● E-mails
● IM
●Senator Foley
18/07/2015
8
Purchase History
● Costco
● Safeway
● Amazon
● etc.
9
Web Browsing Logs
•
•
•
•
All over the place
User has control over some of the logs
Usually in files called index.dat
Located in
– C:\Documents and Settings\Ackler\Local
Settings\Temporary Internet Files
• But also in network shares, etc.
User Behaviour
•
•
•
•
What types of Web sites visited
What is the content of the searches
Any cached images of interest
What is the content of the the Web sites
visited
• Any conclusions on personality of the user
18/07/2015
11
What we are looking for
•
•
•
•
•
Evidence of Web behavior
System usage
Files Accessed
Cached images
Google search strings
18/07/2015
12
Where
•
•
•
•
Usually in hidden files
Usually in nonsense files
Lots of gibberish
Hard to find
18/07/2015
13
Tools Available
• Windows Explorer
• Does not show every thing
• C:>edit /80 index.dat
• NetAnalysis - $$
• Index Dat Spy
•
•
•
•
18/07/2015
Very limited output
Good start
No print out
FREE
14
Windows Explorer
Start -> All Programs ->Accessories -> Windows Explorer
18/07/2015
15
Windows Explorer
18/07/2015
16
Where the Stuff Is
18/07/2015
17
Cached images from web browsing
18/07/2015
18
Image
18/07/2015
19
Cookies Folder
18/07/2015
20
Cookie
18/07/2015
21
Go There – What was He Doing?
Index.dat Files
• Contain records of user and system activity
• Used for auto-complete
• User restoration
18/07/2015
23
Where at least one index.dat file is
18/07/2015
24
Index.dat as a text file
18/07/2015
25
Index.dat Spy
• View the contents of those obscured index.dat files
• Windows and IE keeps much info about you and your Internet
activity
• Free tool
• Locates all of the index.dat files it can find on your computer and
network shares
http://www.stevengould.org/
IndexDatSpy20.exe
Download to your computer. Double click and take defaults.
18/07/2015
26
index.dat Spy
• Renders the index.dat files in a sort of
human readable form.
• View cookies
• Review Web browsing history
• Review Google searches
18/07/2015
28
First Screen
18/07/2015
29
All of the index.dat files
18/07/2015
30
Example
18/07/2015
31
Double Click an Entry
18/07/2015
32
What Were They Looking At?
Google Search String
18/07/2015
34
Mozilla Users
Getting “MozillaHistoryView.exe”
Viewing Mozilla Browsing History
Double Click an Item
Find the Link
Go to the Link
Web History Lab
• Use
• index.dat Spy
• Assignment
• Report – use wordpad or MS Word
– 2 - 3 pages
– Discuss Approach
– Evidence Found
»
»
»
»
»
2 URLs and content of Web sites
2 Google searches
Cookies, etc.
Include in your report
Give concrete examples of each
– Summarize the behaviour of computer user owner
– Use Alt – Print Screen to copy selected window and paste in your report
18/07/2015
41