Pau Lo

asked on

stale web session or active web session

Is there anything you can do forensically on perhaps index.dat files to prove how long a user was browsing a specific website? Or will it just say user accessed site @ dd/mm/yy | hh/mm – and that’s it? The issue here is an employee is alleged to have been viewing a specific site ALL day long, when they say no, I perhaps opened it in the morning and then had a stale IT session where I forgot the tab was open, so I wasn’t viewing it all day, but it may have been open in the browser but he just forgot about it. Is there anything accurately you can do to identify this? Could there be any other evidence to assist here? I believe it's XP and IE v7.
ASKER CERTIFIED SOLUTION
giltjr
This solution is only available to members.
> Actually every HTTP response would have some Time stamp ...
should this be related to the question?
> ..  to prove how long a user was browsing a specific website.

if so, how does one measure the following scenario:
  1. user requests your website
  2. user's system is unplugged from network
  3. user's system is [ct]rashed

you (the server) never get a timestamp back
hope this explains why it is impossible to measure such browsing time i.g.
all measures are (best) guesses, nothing more, nothing less
admins and security people trust facts, marketing and sales believe in guesses, statistics and probabilities ;-)
sorry for being pedantic, no offence meant, I've seen "would gives some lead" :)
As ahoffmann, and I think I, have stated, you really can't measure how long somebody is on a web site.  Even if you could, you can prove they were actually looking at that page.

It's like trying to see how long somebody actually spends reading a newspaper based on the time between the paper being delivered and the time you go out and get it from your paper box or off the front porch.  Unless you actually sit there and watch them, all you know is that they got the paper.  You have no proof they actually read it or how long they spent reading it.
btan

Pardon if it gives false hopes but the friendly intent is to make informed decision with available information possible from the log. As mentioned if we really sit in btw all the surfing through software proxy it generates traces that include some timing. This is not outright useful to fulfill the request but maybe triggered more thoughts whether the requested is truly viable. Of course the timing is subjected to latency and bandwidth etc... not best that I agree since there are too many gaps if looking at timing... even that can be tampered on machine. Too much consideration so user has to balance expectation.
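
What request timestamps from a proxy log can and cannot support in the stale-tab dispute, as an added example that is not part of any poster's answer: it groups requests to one site into bursts and reports the time evidenced by requests separately from the first-to-last span, which is the figure an "all day" claim rests on. The log format, host names, addresses and the 5-minute gap are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample proxy log (date, time, client, host, path); not from the thread.
SAMPLE_LOG = """\
2009-03-02 09:01:12 10.0.0.5 example.test /
2009-03-02 09:01:13 10.0.0.5 example.test /style.css
2009-03-02 09:01:40 10.0.0.5 example.test /article/1
2009-03-02 11:30:05 10.0.0.5 other.test /
2009-03-02 14:15:00 10.0.0.5 example.test /article/2
2009-03-02 14:15:02 10.0.0.5 example.test /img/a.png
"""

def parse(log):
    """Yield (timestamp, client, host, path) for each log line."""
    for line in log.splitlines():
        date, time, client, host, path = line.split()
        yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), client, host, path

def request_bursts(log, host, gap=timedelta(minutes=5)):
    """Group requests to `host` into bursts separated by more than `gap`.
    Returns [(first, last, count)]. The gap threshold is an assumption."""
    times = sorted(t for t, _, h, _ in parse(log) if h == host)
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][1] <= gap:
            first, _, n = bursts[-1]
            bursts[-1] = (first, t, n + 1)   # extend the current burst
        else:
            bursts.append((t, t, 1))         # silence exceeded gap: new burst
    return bursts

def summarize(bursts):
    """Separate what the log evidences from what it leaves open."""
    evidenced = sum((last - first for first, last, _ in bursts), timedelta())
    span = bursts[-1][1] - bursts[0][0] if bursts else timedelta()
    # `evidenced` only covers time between logged requests; `span` includes
    # silent periods where the tab may have been open, closed, or ignored.
    return {"bursts": len(bursts), "evidenced": evidenced, "span": span}

if __name__ == "__main__":
    print(summarize(request_bursts(SAMPLE_LOG, "example.test")))
```

Here the log evidences two bursts totalling 30 seconds across a span of more than five hours; neither figure shows that anyone was looking at the page.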