Hi,
Is this information available in XP in a log file or event history ?
In other words, is there any way to tell if
a computer running XP has ever been connected to any network (dial-up,
LAN, wireless,...) ?
A strange request I know, but thanks for any help !
Depending on the boundaries you're setting, it may be damn near impossible.
As Neil suggests, this could go down to specialist forensic stuff but even
then this could only find proof that the computer had been connected to a
network, however, absence of this proof wouldn't be proof that it had not
been on the network.
For example -
"The event logs will show networking events" - The event logs can be cleared
very easily from the event viewer.
"The browser cache would show stuff if it had been on the Internet" - yes
but you can clear that.
"Isn't there some stuff left behind when you clear your browser history? I'm
sure I read something on slashdot about some foul Microsoft conspiracy to
eliminate the meal of "breakfast" that used this somehow!" - yes but the
residue can be cleaned up. If you can find out where to look then the person
hiding their tracks can find out where to clean.
"Forensic examination of the disk would still find the information" -
assuming it was on there, what if the hard disk had been changed since then,
or if the person connecting the computer to the web used a "Live Linux" CD
instead of the OS on the hard disk.
"If it was on the net, the network card's MAC address would be in a log
somewhere" - Most modern operating systems, network cards and network card
drivers allow you to change the MAC address of a device, and if that isn't
so then new network cards are not expensive these days.
Rob Moir
rhymeswithgeek.com