±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36017
New Yesterday: 10 Visitors: 156

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

any tool for checking any kinf of recent internet activity?

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

williamsonn
Senior Member
 

any tool for checking any kinf of recent internet activity?

Post Posted: Jul 25, 13 19:53

Is there any software by which I could see if any kind of internet traffic activity has occured in a computer? I am not referring simply to check Internet Explorer History, but to know if a computer has stablished connection to internet.  
 
  

keydet89
Senior Member
 

Re: any tool for checking any kinf of recent internet activity?

Post Posted: Jul 25, 13 20:36

- williamsonn
Is there any software by which I could see if any kind of internet traffic activity has occured in a computer? I am not referring simply to check Internet Explorer History, but to know if a computer has stablished connection to internet.


By your reference to IE, I'm going to assume that you're referring to Windows...can you specify the version?

Are you looking at a live system, or are you attempting to conduct deadbox analysis? What data to you have to work with?

Something else...if you just want "to know if a computer has stablished[sic] connection to internet", that's pretty easy. If you're doing deadbox analysis, you can use RegRipper to get information about wireless and wired connections that the system has established, but again, that depends heavily on the version of the Windows you're examining.

As to the question of traffic, you'd need to look to specific applications...  
 
  

williamsonn
Senior Member
 

Re: any tool for checking any kinf of recent internet activi

Post Posted: Jul 25, 13 20:50

Windows 7 64bts. My apologies if I don´t understand some concepts, like dead box, as I am not expert. what I need to do is(in the most easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that suppposed connection anyone surfing from the computer, or any remote Access, or simply,a brief connection(WIFI or wired)and desconnection.  
 
  

keydet89
Senior Member
 

Re: any tool for checking any kinf of recent internet activi

Post Posted: Jul 25, 13 23:12

- williamsonn
Windows 7 64bts. My apologies if I don´t understand some concepts, like dead box, as I am not expert.


No problem.

"Dead box" refers to taking the system offline, powering it down, removing the hard drive, and using the appropriate tools to acquire an image of the hard drive.


- williamsonn
what I need to do is(in the most easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that suppposed connection anyone surfing from the computer, or any remote Access, or simply,a brief connection(WIFI or wired)and desconnection.


Two things...

First, there's nothing (that I'm aware of) out there like that. What you're asking for takes a bit of expertise.

For example, it's easy to check if the system had been connected to a wired, wireless, or broadband network, but that requires that you check the Registry, and the Windows Event Log (not all of them, only one or two of the actual logs). I'm not aware of a software application that you can purchase and simply click a button for you to do this.

Second, I'll say this again, you're asking for two different things here. You're asking for (a) information about the system being connected, and you're then asking for (b) information about applications used to generate/create actual traffic. In addition to the information I suggested in the above example, you'd then want to look at a number of other locations, as well...UserAssist data, shellbags artifacts, as well as a number of other Registry locations. You'd need to include the Prefetch data, as well as other artifacts, as well.

So, in summary, what you're asking requires a bit of expertise, and as far as I'm aware, there is no tool out there and available for purchase that will allow you to do this with the push of a button.  
 
  

williamsonn
Senior Member
 

Re: any tool for checking any kinf of recent internet activi

Post Posted: Jul 25, 13 23:45

- williamsonn
what I need to do is(in the most easiest way, as I am a common user), from that mentioned computer, not connected to internet, check any log or registry confirming if any connection has been made within the last 48-72 hours, or no connection has been made, being that suppposed connection anyone surfing from the computer, or any remote Access, or simply,a brief connection(WIFI or wired)and desconnection.



For example, it's easy to check if the system had been connected to a wired, wireless, or broadband network, but that requires that you check the Registry, and the Windows Event Log (not all of them, only one or two of the actual logs).[/quote]

Yes, that´s only what I want. Do you mean that information appears easily on the Windows Event Viewer?

If so, could you, please, let me know hot to check correctly Registry and Windows Event Viewer?  
 

Page 1 of 1