Snooping

mozingod

MIS
Jul 9, 2002
US
We got some reports of shop floor PCs being used for, shall we say, non-work-related activities. They're both Win95 w/IE5 and Office 97. Can you guys suggest any places to check to see what they've been up to? I'm planning on checking after they leave for the day, and I'm already planning on checking the history/cookies and recent document folders. Any other tips would help a bunch, thanks!

Darrell Mozingo
 
You could Google for keyloggers....but I think any K-Mart sells pink slips.
 
You might want to run Ad-aware or some other spyware app. Many of the adult sites install spyware elements on local systems. Ad-aware may be run as freeware and will identify any of those apps. You will be surprised what you find. When the scanning is completed, a detailed log is presented that should help you identify the source(s).

and then select her shareware picks.

You might also simply search for images.

**Side note - I hope you are running IE 5.5 SP2. Earlier versions have some serious security holes and are especially susceptible to certain viruses.
 

Well, assuming they are using IE to browse the web and further assuming they are smart enough to clear cache, clear cookies and clear history, there is one place that they will more than likely not know about as a history logger.

Just use the DOS prompt and browse on over to:

C:\WINDOWS\TEMPOR~1\CONTENT.IE5

In that directory will be a file named index.dat that tracks every webpage the browser has been to REGARDLESS if they clear cache and history.

It's a little hidden something that Microsoft has never really explained exactly what they are up to with, but, I keep all the ones clear on any machine I use.

This directory is generally NOT visible from within Windows Explorer, as Windows Explorer is programmed to ignore that folder and NOT display it to you.

I would further recommend that you edit it with the DOS edit command and not try viewing it in Windows.

That file will pretty much tell you where they've been and unless they are PC gurus that really examine the operating system, they won't even know it's there.

After you view the file or copy it across the network or something, you can delete it off the PC as it is automatically recreated every time Windows starts up and then you won't have to look through the same data each time you view it.

Have any questions, let me know.

Good luck!
 

Also, I should mention that, should you go to view this file on the actual PC, I would NOT recommend using Windows Explorer, as you know Windows Explorer will remember paths you have been to in an attempt to auto-complete, whereas if you use the command prompt as I suggested, they won't even know where you have been or what you have done!

Cheers!
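As an added example (not part of the thread and not any poster's code), here is a read-only way to list the URL records in a copy of the index.dat file discussed above, instead of paging through it in a text editor. The 128-byte block size and the field positions 0x10 (last-accessed FILETIME) and 0x34 (URL string offset) are assumptions taken from public reverse-engineering of the version 5.2 format, and the sample buffer is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

BLOCK = 0x80                            # records are allocated in 128-byte blocks
MAGIC = b"Client UrlCache MMF Ver 5.2"  # header string of an IE5-era index.dat
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch
SAMPLE_TIME = datetime(2003, 1, 15, 12, 0, tzinfo=timezone.utc)  # constructed

def filetime_to_utc(raw):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601) to a UTC datetime."""
    return EPOCH + timedelta(microseconds=raw // 10) if raw else None

def parse_index_dat(data):
    """Return [(last_accessed_utc, url)] for each 'URL ' record in the buffer."""
    if not data.startswith(MAGIC):
        raise ValueError("not a version 5.2 index.dat")
    hits, pos = [], BLOCK
    while pos + 0x38 <= len(data):
        if data[pos:pos + 4] != b"URL ":
            pos += BLOCK                 # not a URL record, try the next block
            continue
        nblocks, = struct.unpack_from("<I", data, pos + 4)
        rec = data[pos:pos + max(nblocks, 1) * BLOCK]
        accessed, = struct.unpack_from("<Q", rec, 0x10)   # assumed field offset
        url_off, = struct.unpack_from("<I", rec, 0x34)    # assumed field offset
        if 0 < url_off < len(rec):
            end = rec.find(b"\x00", url_off)
            url = rec[url_off:end if end != -1 else len(rec)]
            hits.append((filetime_to_utc(accessed), url.decode("latin-1")))
        pos += max(nblocks, 1) * BLOCK
    return hits

def build_sample():
    """Constructed image: one header block followed by a two-block URL record."""
    rec = bytearray(2 * BLOCK)
    rec[0:4] = b"URL "
    struct.pack_into("<I", rec, 4, 2)                      # record spans 2 blocks
    ticks = (SAMPLE_TIME - EPOCH) // timedelta(microseconds=1) * 10
    struct.pack_into("<Q", rec, 0x10, ticks)
    struct.pack_into("<I", rec, 0x34, 0x68)                # URL string offset
    url = b"http://www.example.com/index.htm\x00"
    rec[0x68:0x68 + len(url)] = url
    return MAGIC.ljust(BLOCK, b"\x00") + bytes(rec)

if __name__ == "__main__":
    for when, url in parse_index_dat(build_sample()):
        print(when.isoformat(), url)
```

Run it against a copy of the file rather than the live one, so the timestamps on the original are left untouched.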

 
Thanks for the tips! Anyone know of any locations like that for Office when a file is created? They're not really supposed to be using Office on the machines, so there shouldn't be that many.

Darrell Mozingo
 

Sure! I use the same technique to teach my brothers and sisters how to monitor their children without spending any money on a software tool or installing anything that might get their attention as to a sort of monitoring. :)

Cheers!

 