Yes there are tools such as from Foundstone at the link below.
http://www.foundstone.com/us/resources-free-tools.asp --- Founstone
forensic tools
Regseeker can also display contents of user index.dat files showing internet
activity.
http://www.hoverdesk.net/freeware.htm --- Regseeker
http://en.wikipedia.org/wiki/Index.dat --- about index.dat
The link below from Microsoft Antivirus Defense-In-Depth shows steps of how
to analyze a computer that is still running for evidence of what has
happened/current state though it is written for a hack attack but much of
the same applies.
http://www.microsoft.com/technet/security/guidance/serversecurity/avdind_4.mspx
You can also use the built in search in XP and search for files
created/modified within a date range and sort the results being sure to
select for hidden files and folders.
Having said that you have to be very careful in doing forensics if for any
legal reason or for proof and follow best practices for "chain of custody"
and no one should do it for legal/proof reasons unless they are highly
trained at it and can take a grilling in court from computer security
experts for the defense. When doing forensics the original hard drive is
typically cloned and then the original hard drive is saved as evidence and
the cloned drive is examined. There is much much more to it than that but
that is a start.
Steve
"jim" <jim DeleteThis @home.net> wrote in message
news:XstQi.3687$m8.3111@bignews8.bellsouth.net...
> Is there software available that enables you to (1) see where XP tracks
> for IE and Windows itself are written and (2) to scan those files for
> filenames, readable text and links?
>
> I am doing some minor forensics on an XP PC and I want to know all that I
> can about when and where it was last used and what was the last things
> done on or by the PC.
>
> Thanks!
>
Hot
Bloated Email? DetachPipe for Outlook
Mac
Linux
Games
PDA
Mobile
FAQ
Search
Profile
Private Messages
Log in
Windows Forums
RSS