I've been asked to show Internet Explorer logs from someone who made a
death threat. The incident is being reported to the FBI. The computer
is Windows 2000 PRO with IE6. I used a freeware tool and I found the
activity I was looking for in a file called INDEX.DAT but the time
stamp on the logs was 4 hours behind the actual activity. The time is
an issue because it has to match the transcripts sent to me by the
company whose employee was threatened. I have read that some versions
of IE/Windows stamp events in GMT time and since I am in New York it
would make sense that it would be 4 hours behind. The clock and time
zone on the PC are correct and we already know who was at the computer
during that date and time of the transcripts. Has anyone heard of
this problem? I already tried viewing the history in Windows and right
clicking the event. It does not display an activity time. I will look
for another tool to run the report but I sure would appreciate some
help here. If I can find an official paper explaining this behavior I
could send it with the report.