Webpage logons are not really stored in RAM per se... It is just a small buffer that gets sent upstream to the site...


Now, cookies will be stored... but only encrypted so to speak...


If I am understanding you right... you will need to run remote administration software on the clients for on the fly access. Any cookie you get is going to be encrypted, and any separate keylogger you install is going to require you to either have the keylog in a network accessable location, or require you to physically go to the machine and download it, once again, after the fact.

THe biggest dilemma you are going to face is getting around SSL, you will have to capture the logon information before it is sent upstream. This means you need some sort of keylogger, once again, preferably as part of a remote administration package. You might even be able to configure something to alert you when certain DNS requests are made, depending on network configuration and the tools you have available.

Remember, your best option is prevention. Wouldn't it be better not to have employees trying to sex0r 14 year old girls during work hours? Isn't that more of a home thing?