# Trying to view deleted browser history



## Juicinator (Nov 13, 2006)

I need to get as complete a history of every website my office computer has been used to view. I believe that one or more of my employees is violating office internet policy by viewing explicit material. There are two reasons why I cannot currently see this history: 

1. The offending employee has deleted the history, cookies, and temporary internet files.
2. The offending employee figured out how to change "Internet Options" settings to retain history for only one day. 

Here is what I have tried: 
1. Contacting my ISP and requesting a full history. Apparently that puts such a strain on their server that they would have to shut down access to many, many customers (in other words, not gonna happen). 
2. downloading a "index.dat viewer," which has helped me to see the one day of history, giving evidence of abuse of the office computer. 

Is there a way I can view more, if not all, history of this computer, short of doing a system restore to an earlier date, or spending $$$ on a computer forensics expert? 
Thank you!


----------



## TOGG (Apr 2, 2002)

Some detail is supposed to be retained in the Registry in things called 'User Assist Files', however, lots of cleaner programs will delete or clean these (and the index.dat) files.

See here for info about User Assist Files; http://www.utdallas.edu/~jeremy.bryan.smith/ (click on 'Articles' then on 'Explorer Spy') There is also a small program available called User Assist Spy that is supposed to show the contents of those files, if they are, in fact, present.

In your situation you might be better looking into keylogging type programs that will record the use made of the computer in question, although I don't know how such programs can 'prove' who the user was at any given period in time.

I understand that these programs could be illegal in some jurisdictions and the material they produce may not be admissable in evidence for legal purposes.


----------

