Evidence of youtube...
 
Notifications
Clear all

Evidence of youtube and other socials

4 Posts
3 Users
0 Likes
676 Views
(@pinin113)
Posts: 47
Eminent Member
Topic starter
 

Hi to everybody.
I have to collect the evidences in the subject.
The disk is 500gb, il has a 250gb disc for shared data(but i think to work on the 500 only)
It is a windows machine, desktop
I think to proceed in this way.
Caine, Guimager, and 1 tb external hard disk.
At the office i will use osf.
Where do I have to find evidences that the user stays on socials instead of working?

Other employees are referring about this behaviour, so the data are for sure somewhere.
I can use alsa some software from nirsoft to collect browser history
Thank you

 
Posted : 18/11/2019 12:41 pm
(@gorvq7222)
Posts: 229
Reputable Member
 

When it comes to social media investigation on subject's computer running Windows, my suggestion is to use Belkasoft Evidence Center or Magnet Axiom. They both do great jobs on social media investigation and you could count on them.

 
Posted : 25/12/2019 12:23 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Use OSForensics’ Recent Activity button pointed at the physical forensic image.

After the Recent Activity function has created a timeline of machine and user activity, only check the boxes for internet browsing activity and save the activity as an Excel spreadsheet. Using Excel filter the report to only show work hour activity.

On a recent examination by our practice in a similar matter, we uncovered Steam logs that showed the employee logged into Steam, playing games, making game saves, and not working during work hours.

Using OSForensics, after creating a searchable index of the imaged computer, search for *.log and review all interesting log files you find.

Log files can show user activity.

Also Webcache.dat.

OSForensics event viewer function can also reveal employee activity such as logging in, rebooting, printing documents, etc.

Make sure to look at each installed internet browser application’s browsing history. OSForensics might automatically include Internet Explorer, Firefox, Opera but I recommend identifying all SQLIte database files and reviewing them in OSForensics to potentially inform your analysis.

 
Posted : 25/12/2019 11:01 pm
(@pinin113)
Posts: 47
Eminent Member
Topic starter
 

thank you, but i'm not working on an image of an evidence. i have to forensically save a facebook profile, directly from facebook.com because i have to prove that this saved account is fake

 
Posted : 27/12/2019 4:52 pm
Share: