excellent points. But remember that some clients, by default, will log messages when the client is in "away" mode. You may get lucky and find that the person left themselves as "away" and continued to chat with someone. Although some clients will remove the /away flag as soon as you enter standard input into the irc client. It's a crap shoot unless the person enabled logging... then you have a wonderfully organized set of files broken down by channel and date. ;) -----Original Message----- From: Peter Kristolaitis [mailto:jesterat_private] Sent: Tuesday, June 18, 2002 12:13 PM To: Larry Porter; forensicsat_private Subject: Re: irc This depends on the IRC client being used. mIRC, for example, does not store chat logs anywhere but its own log files (if session logging is enabled). Windows itself would not make any logs of IRC chat sessions, since that would involve intercepting, decoding and logging basically ALL TCP traffic into/out of the box. It would be my guess that not many clients have a 'hidden log' 'feature', either... in most environments, there would be little to no point in doing this. - Peter Kristolaitis At 10:41 AM 6/18/02, Larry Porter wrote: >I was wondering if anyone can give me a little insight >into irc forensics. Basically what I am trying to do >is figure out if there are any pieces of chat sessions >from IRC left on a windows box. The only thing I can >think of is if someone logs their sessions, but I was >hoping if there maybe another place that windows >stores the chat sessions? > > >many thanks, > >Larry Porter > >__________________________________________________ >Do You Yahoo!? >Yahoo! - Official partner of 2002 FIFA World Cup >http://fifaworldcup.yahoo.com > >----------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 18:00:18 PDT