I have a SSD image of a Windows 7 SP 1 64-bit OS. I am using Autopsy 4.5. I need to know if this unit used a VPN connection at any point. This unit was a DVR for a motel in the US. Someone repurposed it without authorization as an Office PC including Office 365. There are multiple OST files with .nz and .au. I figure that for a system at a motel in the US with these OST files would have to use a VPN to connect to the exchange server in Australia and New Zealand. Where would a VPN profile be located and/ or network history. I need to find an explanation as to how these OST files got on this system.
Thanks
Have a look at Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\
to see all interfaces on the PC. If there was a VPN, it was registered as a network adapter. And check for Prefetch files indicating the execution of a VPN software, for example vpngui.exe for AnyConnect.
best regards,
Robin
Have a look at Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\
to see all interfaces on the PC. If there was a VPN, it was registered as a network adapter. And check for Prefetch files indicating the execution of a VPN software, for example vpngui.exe for AnyConnect.best regards,
Robin
No luck
Any ideas as to how these OST files from could have gotten on this system without an VPN connection? The OST files were in the correct folders in each user account. I'm open to possibilities. No servers on-site, just other client systems. The router provides DHCP and NAT (don't know the settings).
No luck
Any ideas as to how these OST files from could have gotten on this system without an VPN connection? The OST files were in the correct folders in each user account. I'm open to possibilities. No servers on-site, just other client systems. The router provides DHCP and NAT (don't know the settings).
I would not assume that a VPN is necessary for the suspect computer to connect to an Exchange Server. I suggest that you take a look at the mail profiles configured on the computer and see which Exchange servers correspond to the OST files in question.
No luck
Any ideas as to how these OST files from could have gotten on this system without an VPN connection? The OST files were in the correct folders in each user account. I'm open to possibilities. No servers on-site, just other client systems. The router provides DHCP and NAT (don't know the settings).I would not assume that a VPN is necessary for the suspect computer to connect to an Exchange Server. I suggest that you take a look at the mail profiles configured on the computer and see which Exchange servers correspond to the OST files in question.
I founf the profiles and the .xml files. The OST files are from Outlook.office365.com. Due to cached Exchange mode being enabled, it saved all their emails to this DVR/ now office PC used at the motel. Big security risk to access Outlook.office365.com from a public system.
Thanks,