Finding Out What You've Been Up To
Are you aware of how much your computer tells about you and what you do? If you are anything like virtually every other person with a computer, then it tells one heck of a lot.
Program Files folder - I would normally begin from the Program Files folder. A simple directory listing is all I need at this point. From here I can determine which programs have been installed. I would also scan other folders on the disk and look at other disks to find any programs installed outside of Program Files.
Why do I need this information? It tells me a number of things.
- Do you have any games installed? If this is a company computer, installing games may violate policy. Playing them during work hours almost certainly is a no-no.
- Is the software on your computer legally licensed? In some environments this is easy to determine, as all purchases are done through the IT department. For example, if your shop only uses Microsoft Office and the person has WordPerfect installed, then it might be an illegal copy.
- When were programs last modified? Most programs write back configuration files and other things to the disk. They often write back to their own directories, which places a timestamp on the folder. Looking at this tells me when you last used some programs.
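The timestamp check described above can be scripted. The following is an added example, not part of the original article; the function names are its own and the default path is an assumption. A folder's own timestamp only changes when entries are created, deleted or renamed directly inside it, so the script reports the newest write anywhere beneath each program folder.

```python
import os
import sys
from datetime import datetime, timezone


def newest_write(folder):
    """Most recent modification time of the folder or anything beneath it."""
    newest = os.stat(folder).st_mtime
    for dirpath, dirnames, filenames in os.walk(folder):
        for name in dirnames + filenames:
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished entry: skip it
            newest = max(newest, mtime)
    return newest


def program_activity(root):
    """Return [(program folder, UTC time of newest write)], newest first."""
    rows = []
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                rows.append((entry.name, newest_write(entry.path)))
    rows.sort(key=lambda row: row[1], reverse=True)
    return [
        (name, datetime.fromtimestamp(ts, timezone.utc).isoformat(timespec="seconds"))
        for name, ts in rows
    ]


if __name__ == "__main__":
    # Default path is an assumption; pass another root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files"
    for name, when in program_activity(root):
        print(f"{when}  {name}")
```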
What should you do?
- Do not install Warez or cracked programs. If your computer is ever audited you can be charged with a crime if any of these are found.
- Be sure you are following company policy about installations on your work computer. For example, if all installations must be approved by your IT department, then be sure to get that approval.
- Unless you work for a game company, don't install games on your work computer.
Search for common file types - Now I would use the standard "Find Files" function to find out some information about specific file types.
- A good thing to look for right away is GIF and JPEG files. Spot-checking these will tell me right away if you've been downloading pornography, for example. You see, most people who download dirty pictures save them to their hard drive so they can look at them later.
- I would search for ZIP files right away. Many Warez programs and collections of things are stored in compressed files. Looking for these on the disk may quickly identify issues.
- Now I would use some more advanced search functions to find any files containing the word "resume". Anything that comes up would be investigated.
- I would also search for text files and documents containing a short list of curse words. What I am interested in finding is derogatory emails about the boss, the company or other employees.
What should you do?
- If you must look at pornography, do it at home. If you do it at work, it's very easy to determine.
- Don't download collections or programs which are not legally licensed or approved.
- Don't write derogatory memos and documents on your computer at work.
- Certainly you should never be working on your resume at work, unless you are specifically asked to do so by your boss.
Check the internet cache - All browsers locally store pages and their related files (sounds, graphics, videos and so on) in a temporary folder in order to speed up your surfing experience. These files remain on disk until they are explicitly deleted. This can provide a semi-permanent record of where you have been surfing.
This is the second-best place to look for signs of unethical conduct. In the cache (and believe me, I will be sure to check the caches for Internet Explorer, Netscape and Opera, at the least) will be a complete record of many of the sites you have visited.
Now, I will already know if you've been surfing pornography sites, as I have already searched for GIF and JPEG files. This step, however, will give me a much better record of what you've been surfing.
What should you do?
- The best thing to do is control your surfing at work.
- If you must surf to non-work related sites, be sure your cache settings are set to "never".
- Check your cache occasionally and delete all files as often as you can.
Check the temporary folder - This is the absolute best place to look for finding out what someone has been up to. Many people empty their recycle bin regularly, but virtually everyone forgets about their temporary folders.
In here I will find everything I've ever wanted to find.
- Copies of documents you've edited, even if the original has been deleted long ago.
- I will find email messages that you've looked at - you see, some email clients make temporary copies so they can display them in a view program.
- Any graphics that you've created.
- Depending upon your encryption software, I may even find unencrypted versions of documents that you've encrypted.
Best of all, every one of these documents is saved without passwords or any other security options. Even Word and Excel documents which require passwords to view will be stored here without them.
What should you do?
- Delete the contents of your temporary folders occasionally. When you do so, remember to empty the recycle bin as well.
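To see what your own temporary folder holds before an auditor does, the file-type search and the temporary-folder check described above can be combined in one sweep. This is an added example, not part of the original article; the function names are its own. Temporary copies rarely keep a meaningful extension, so it identifies files by their leading bytes instead of by name.

```python
import os
import sys
import tempfile

# Leading "magic" bytes of the file types discussed above.
SIGNATURES = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),  # also .docx/.xlsx, which are ZIP containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
]


def sniff(path):
    """Return the type name matching a file's leading bytes, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # locked or unreadable: common in a live temp folder
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None


def sweep(root):
    """Return sorted [(relative path, type)] for recognised files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = sniff(full)
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)


if __name__ == "__main__":
    # Defaults to the current user's temporary folder.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    for rel, kind in sweep(root):
        print(f"{kind:5}  {rel}")
```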