+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
Internet Related/Filtering/Firewall Thread, Recovering All a students files & internet history in Technical; Originally Posted by AndyD I had a child that had been searching for things he shouldn't have been and had ...
  1. #16
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20
    Quote Originally Posted by AndyD View Post
    I had a child that had been searching for things he shouldn't have been and had to get the information locally. We do have ISA Server 2004 and would love to be able to get the information from there. I have only seen monitoring, is that what I need to use as I don't normally keep that running?

    If you have ISA server 2004 you can set ISA to log access. This is done on the logging tab within the monitoring section. Once this is done it will log to text files (by default). The can either be imported into excel (as someone else suggested) or if you know SQL you can use LogParser (free download from Microsoft) to run SQL like queries against those logs to pick out only the information you want.

    An example of a LogParser query (this one to retrieve all internet activity for a specific user specified as a parameter to a batch file)
    Code:
    "C:\Program Files\Log Parser 2.2\logparser.exe" -i:w3c -o:w3c "select * into c:\isalogs\extract_people_all_20090122.txt from 'c:\Program Files\Microsoft ISA Server\ISALogs\ISALOG_20090122_WEB_000.w3c' where to_lowercase(cs-username) = to_lowercase('%SearchNames%') order by cs-username,date,time"
    I know that wont help you if you dont have ISA, but the AndyD asked how to do it with ISA.

    Cheers

    Jonathan

  2. Thanks to ArchersIT from:

    AndyD (23rd January 2009)

  3. #17

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    64
    Quote Originally Posted by dave20046 View Post
    Right a kid at my school's shot someone and the plod want me to get everything he's done at school to scan for evidence.
    Seems odd - wouldn't the process of you collecting evidence for them totally taint it, render it inadmissible etc? Not the usual police forensics route!

  4. #18

    Join Date
    Feb 2006
    Location
    London
    Posts
    126
    Thank Post
    1
    Thanked 17 Times in 9 Posts
    Rep Power
    19
    Quote Originally Posted by OutToLunch View Post
    Seems odd - wouldn't the process of you collecting evidence for them totally taint it, render it inadmissible etc? Not the usual police forensics route!

    I agree I'd ask them to come and collect it with your assistance.

    This is as if they want to use any of it in court it's quite probably that a defending laywer would try to get the evidence declared inadmisable.

    They might just be trying to get something in which to pressurise a confession from the person though.

  5. #19
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    111
    Quote Originally Posted by OutToLunch View Post
    Seems odd - wouldn't the process of you collecting evidence for them totally taint it, render it inadmissible etc? Not the usual police forensics route!
    Exactly FFS! If the police want to collect evidence then they can come and do it themselves. Unfortunately you might find they turn up with a Court Order and seize all the computers he could have used for a few months.

  6. #20
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,497
    Thank Post
    101
    Thanked 84 Times in 71 Posts
    Blog Entries
    46
    Rep Power
    37
    ict classes ought to use seating plans so that the kids sit at the same pcs every lesson. I have log files generated at login so I know where every kid and teacher has sat every lesson for at least 6 months. you can use
    http://www.nirsoft.net/utils/ie_cache_viewer.html
    to read the contents of the dat file.

  7. #21

    Join Date
    Jan 2009
    Location
    leicestershire
    Posts
    59
    Thank Post
    7
    Thanked 2 Times in 1 Post
    Rep Power
    11
    Cheers guys, I've handed over his documents and said if they want anymoe then I'll have to go round his local machines. I'll see what they say.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Internet History.
    By Daleus in forum Windows
    Replies: 7
    Last Post: 2nd December 2008, 02:55 PM
  2. Recovering Deleted Files...
    By Pumaedition in forum Windows
    Replies: 3
    Last Post: 16th October 2007, 08:41 AM
  3. Internet explorer & AVI files
    By nickje in forum Windows
    Replies: 7
    Last Post: 12th October 2006, 11:14 AM
  4. Recovering Files From a Corrupt Floppy
    By Preston in forum Windows
    Replies: 15
    Last Post: 27th April 2006, 03:39 PM
  5. Recovering Deleted Files
    By Pear in forum Windows
    Replies: 13
    Last Post: 21st February 2006, 07:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •