
Thread: Need your help mates...fast

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Could it be that he downloaded a fix/fixes for bugbear.......?..............I test a lot of software and usually put the download into a folder with its name.........also, why a folder.......it should be a single file?

    I would have expected him to be a bit more subtle? Like give it a name such as "toolbox" or something?

    Just a thought..............but you are right............it pays to be careful

    Cheers

  2. #12
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Hmm...Interesting points brought up here. I was thinking about the privacy issue, but if I give him a warning, then he won't try anything...and I want to catch him red-handed (Mainly for my own curiosity). I would not report him to the authorities or anything...I just want to make sure he's not screwing with my PCs.

    Thank you all for all your help. I really appreciate it.

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Do you have a caching proxy on the gateway? If not, you could install a personal firewall on each machine. Set it to allow everything and also to log everything, then send the messages to a syslog daemon on your machine. You really should hang a sign that says "internet usage may be monitored" or "we reserve the right..."
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
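
An added example (not part of the post above or of any poster's code) of what the central syslog side of that setup could look like: it parses RFC 3164 syslog lines and lists which destinations each workstation contacted. The hostnames, the `pfw` tag and the `ALLOW ...` message format are assumptions; a real personal firewall will log in its own format.

```python
import re
from collections import defaultdict

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
# Assumed message body written by the (hypothetical) per-machine firewall.
CONN_RE = re.compile(r"ALLOW (?P<proto>TCP|UDP) \S+ -> (?P<dst>[\d.]+):(?P<port>\d+)")

def parse_line(line):
    """Return a dict for one syslog line, or None if it is malformed."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(pri, 8)
    return rec

def ports_by_host(lines):
    """Map each workstation to the set of (proto, dst, port) it contacted."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip junk instead of crashing the collector
        c = CONN_RE.search(rec["msg"])
        if c:
            seen[rec["host"]].add((c.group("proto"), c.group("dst"), int(c.group("port"))))
    return dict(seen)

# Constructed sample lines (documentation IP ranges, made-up hostnames).
SAMPLE = [
    "<134>Oct  3 14:02:11 cafe-pc03 pfw: ALLOW TCP 192.0.2.13:1045 -> 198.51.100.7:80",
    "<134>Oct  3 14:02:15 cafe-pc03 pfw: ALLOW TCP 192.0.2.13:1046 -> 198.51.100.9:6667",
    "<134>Oct  3 14:03:40 cafe-pc05 pfw: ALLOW UDP 192.0.2.15:1030 -> 203.0.113.1:53",
    "garbage line without a PRI header",
]

if __name__ == "__main__":
    for host, conns in sorted(ports_by_host(SAMPLE).items()):
        print(host, sorted(conns))
```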

  4. #14
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    HMM...I probably will do that

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cybrid:

    1. You reserve the right..... But not the _duty_... Very important legally....
    2. When he comes in.... Ethereal his box.... Simple.... We can help interpret the results.
    3. Because someone has a folder called bugbear is no big deal. I create folders all the time with virus names when I d/l the fix tool, (a point already made)
    4. As far as his cookies are concerned.... What do you want... his surfing history? Cookies only show the sites he went to that give out cookies. If he 1337 then he won't be visiting places that send out cookies.... Kinda counter-productive really.....

    This suspicious old fart thinks you are being a tad paranoid at this point..... You run an I-cafe... you're gonna see some funny $h1t..... You either have to live with it and have your machines locked down or you allow and monitor to cover your own rear.... If you are going to get worried over every last little thing in your business then you will be stressed out before you know it.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #16

    Re: Need your help mates...fast

    Originally posted here by Cybr1d
    Hi all....



    I really need to know how to retrieve cookies that were just cleared from internet options.
    Unless he used software to delete the cookies index.dat file and then rebooted, you can still view your cookies. Here's a freeware program that you might be interested in http://www.exits.ro/index-dat-viewer.html.

  7. #17
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I put notices on the wall saying "We reserve the right to monitor your online session at our discretion".

    The reason why I wanted to dig deeper into this was mainly my own curiosity. I'm still new to the security world and I have a very long way to go. I've recently been getting myself involved more into Intrusion Detection and Network Forensics. I collected some data from this individual's online session...perhaps in my own head making a report and coming up with as much information with little resources. *Just challenging my brain *

    LOL sorry I sounded a bit paranoid earlier...perhaps I was...Although I didn't think of the fact that he might have the cure to the virus in that folder. I've learned a few lessons today...and sure am glad to. Thank you all for your productive answers. Now I remember why I come here 9-10 times a day LOL

  8. #18
    I use a program called Clean Disk Security that has a feature that allows you to view and even restore erased files as long as they haven't been written over yet. It has proved to me that even Evidence Eliminator doesn't do as it says and is not very reliable.

  9. #19
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I put notices on the wall saying "We reserve the right to monitor your online session at our discretion".
    Yes, and that is just exactly what you should do. Not every person, every time, but random checks or if someone trips your trigger.
    Legally, you are covered by your sign, and yet have not made it your responsibility to monitor everyone.

    And yes Tedob1.....NATO/Germany but 1965-1970.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  10. #20
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Bigger than Stuttgart! That's circa! :-)
