comment removed
Greetings,
The answer, I think, is a very qualified "maybe". If you need an answer before starting down this path, create a new Vista instance, fire up IE 8, go to the site in question, establish the credentials, and see what you've got.
-David
Knowing nothing else, namely, not having access to the subject's computer, the issue seems to boil down to circumstantial evidence and reasonable doubt. That is to say, as David has mentioned, you MAY find something exculpatory, but it will not (likely), be definitive. For example, you haven't said whether the forgery occurred on the sending system or the recipient system…
On the other hand, the burden of proof is on the prosecution.
That having been said, the use of data from unallocated space to establish forgery/tampering is fraught with difficulties. Very likely, you'll have scarce reliable date and time information, and you'll need to establish a reasonable theory as to how the information appeared in unallocated space.
So, there is no simple answer other than that you'll need to tie threads together to establish the basis of your case.
Remember that the absence of something is never proof that it didn't exist.
Also, don't forget Windows Protected Storage, which can be clues as to what information may have been cached related to site usernames and passwords.
I should have added that the suggestion of digital evidence tampering by law enforcement is an even more difficult and unlikely scenario.
You posted this exact same question on another forum as well as this question
"When logging into an account using novell groupwise 7.x webaccess via internet explorer 8, what kind of forensic artifacts are created on a local hard drive? Can someone determine what user account was logged into? What password was used? If the login was successful? By recovering deleted cookies, temp files and history, all without checking the servers logs to confirm?"
That would require work, and as we see on here it's much easier to create a new account and start asking questions on how to do the case they have been paid for than to attempt to find the answer themselves through relatively easy work.
Greetings,
The answer, I think, is a very qualified "maybe". If you need an answer before starting down this path, create a new Vista instance, fire up IE 8, go to the site in question, establish the credentials, and see what you've got.
-David
Difficult and unlikely based on what?
Knowing nothing else, namely, not having access to the subject's computer, the issue seems to boil down to circumstantial evidence and reasonable doubt. That is to say, as David has mentioned, you MAY find something exculpatory, but it will not (likely), be definitive. For example, you haven't said whether the forgery occurred on the sending system or the recipient system…
On the other hand, the burden of proof is on the prosecution.
That having been said, the use of data from unallocated space to establish forgery/tampering is fraught with difficulties. Very likely, you'll have scarce reliable date and time information, and you'll need to establish a reasonable theory as to how the information appeared in unallocated space.
So, there is no simple answer other than that you'll need to tie threads together to establish the basis of your case.
Remember that the absence of something is never proof that it didn't exist.
Also, don't forget Windows Protected Storage, which can be clues as to what information may have been cached related to site usernames and passwords.
I should have added that the suggestion of digital evidence tampering by law enforcement is an even more difficult and unlikely scenario.
When going to trial, do I raise my left or right hand when I am sworn in?
…
That would require work, and as we see on here it's much easier to create a new account and start asking questions on how to do the case they have been paid for than to attempt to find the answer themselves through relatively easy work.
Not that I don't appreciate the help, but sarcasm and forum moderation can safely be left in my hands, thank you.
Seriously mate, enough's enough - OK?
Jamie
NP Jamie
comment removed
There was no flame there.
And to add to what you say many people, including myself work on cases for people in a hard spot for free. The cases which are free a lot of times provide more enjoyment in the helping aspect as people who are down on their luck frequently become the target of overzealous prosecution.
To the point if you do all these items in the investigation and then have to testify or need to write reports which will be used for the relatives defense, there is a strong chance those could get tossed or the Judge could rule that the jury should take little to no stock in the report.
Twit, well ya maybe I am.