
any tool for checking any kind of recent internet activity?

5 Posts
2 Users
0 Likes
426 Views
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

Is there any software by which I could see if any kind of internet traffic activity has occurred in a computer? I am not referring simply to check Internet Explorer History, but to know if a computer has stablished connection to internet.

 
Posted : 25/07/2013 7:53 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Is there any software by which I could see if any kind of internet traffic activity has occurred in a computer? I am not referring simply to check Internet Explorer History, but to know if a computer has stablished connection to internet.

By your reference to IE, I'm going to assume that you're referring to Windows…can you specify the version?

Are you looking at a live system, or are you attempting to conduct deadbox analysis? What data do you have to work with?

Something else…if you just want "to know if a computer has stablished[sic] connection to internet", that's pretty easy. If you're doing deadbox analysis, you can use RegRipper to get information about wireless and wired connections that the system has established, but again, that depends heavily on the version of the Windows you're examining.

As to the question of traffic, you'd need to look to specific applications…

 
Posted : 25/07/2013 8:36 pm
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

Windows 7 64 bits. My apologies if I don't understand some concepts, like dead box, as I am not an expert. What I need to do is (in the easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that supposed connection anyone surfing from the computer, or any remote access, or simply a brief connection (WIFI or wired) and disconnection.

 
Posted : 25/07/2013 8:50 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Windows 7 64 bits. My apologies if I don't understand some concepts, like dead box, as I am not an expert.

No problem.

"Dead box" refers to taking the system offline, powering it down, removing the hard drive, and using the appropriate tools to acquire an image of the hard drive.

What I need to do is (in the easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that supposed connection anyone surfing from the computer, or any remote access, or simply a brief connection (WIFI or wired) and disconnection.

Two things…

First, there's nothing (that I'm aware of) out there like that. What you're asking for takes a bit of expertise.

For example, it's easy to check if the system had been connected to a wired, wireless, or broadband network, but that requires that you check the Registry, and the Windows Event Log (not all of them, only one or two of the actual logs). I'm not aware of a software application that you can purchase and simply click a button for you to do this.

Second, I'll say this again, you're asking for two different things here. You're asking for (a) information about the system being connected, and you're then asking for (b) information about applications used to generate/create actual traffic. In addition to the information I suggested in the above example, you'd then want to look at a number of other locations, as well…UserAssist data, shellbags artifacts, as well as a number of other Registry locations. You'd need to include the Prefetch data, as well as other artifacts, as well.

So, in summary, what you're asking requires a bit of expertise, and as far as I'm aware, there is no tool out there and available for purchase that will allow you to do this with the push of a button.

 
Posted : 25/07/2013 11:12 pm
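
Added example, not part of the original thread and not either poster's code: a Python example of the Registry half of the check described in the post above. It assumes the Windows 7 NetworkList profile key, whose DateLastConnected value is a 16-byte SYSTEMTIME in local time and whose NameType distinguishes wired, wireless and broadband; the key path, function names and sample values are not from the thread, and the sample values are constructed.

```python
import struct
from datetime import datetime, timedelta

# Assumed location and layout of the Windows 7 network profile data.
PROFILES_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles"
NAME_TYPES = {0x06: "wired", 0x17: "broadband", 0x47: "wireless"}

def decode_systemtime(raw):
    """Decode a 16-byte SYSTEMTIME: eight little-endian 16-bit fields, local time."""
    if len(raw) != 16:
        raise ValueError("expected 16 bytes, got %d" % len(raw))
    year, month, _dow, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    return datetime(year, month, day, hour, minute, second, ms * 1000)

def recent_connections(profiles, now, hours=72):
    """Return (name, type, last_connected) for profiles last connected in the window."""
    cutoff = now - timedelta(hours=hours)
    hits = []
    for name, name_type, raw in profiles:
        last = decode_systemtime(raw)
        if cutoff <= last <= now:
            hits.append((name, NAME_TYPES.get(name_type, hex(name_type)), last))
    return sorted(hits, key=lambda h: h[2], reverse=True)

def read_live_profiles():
    """Read (ProfileName, NameType, DateLastConnected) from the local registry (Windows only)."""
    import winreg
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PROFILES_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                out.append(tuple(winreg.QueryValueEx(sub, v)[0]
                                 for v in ("ProfileName", "NameType", "DateLastConnected")))
    return out

# Constructed sample values, not taken from a real system.
SAMPLE = [
    ("HomeWiFi", 0x47, struct.pack("<8H", 2013, 7, 4, 25, 20, 12, 30, 0)),
    ("Network 2", 0x06, struct.pack("<8H", 2013, 7, 6, 20, 9, 0, 0, 0)),
    ("Modem3G", 0x17, struct.pack("<8H", 2013, 7, 3, 24, 8, 5, 0, 0)),
]

if __name__ == "__main__":
    import sys
    profiles = read_live_profiles() if sys.platform == "win32" else SAMPLE
    now = datetime.now() if sys.platform == "win32" else datetime(2013, 7, 26, 12, 0)
    for name, kind, last in recent_connections(profiles, now):
        print("%-12s %-10s last connected %s" % (name, kind, last))
```

DateLastConnected holds only the most recent connection per profile, so it cannot show how many times or for how long the system was connected; that connect and disconnect history is in the Microsoft-Windows-NetworkProfile/Operational event log.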
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

What I need to do is (in the easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that supposed connection anyone surfing from the computer, or any remote access, or simply a brief connection (WIFI or wired) and disconnection.

For example, it's easy to check if the system had been connected to a wired, wireless, or broadband network, but that requires that you check the Registry, and the Windows Event Log (not all of them, only one or two of the actual logs).

Yes, that's only what I want. Do you mean that information appears easily on the Windows Event Viewer?

If so, could you, please, let me know how to correctly check the Registry and Windows Event Viewer?

 
Posted : 25/07/2013 11:45 pm