webmail evidence

aside from the standard history sql lit db for chrome, and WebCacheV01.dat for IE history files, where else on a windows machine could give clues if a user has accessed a certain webmail service and logged in using a specific email account? I suspect either gmail or hotmail. Just want to rule out any other areas such evidence may reside apart from the obvious browser history locations.
LVL 3
pma111Asked:
Who is Participating?
 
William MillerConnect With a Mentor Inventory/IT ConsultantCommented:
You could also give something like IEPassView a try. Is that a long shot? Almost certainly, but it's funny the ways people will slip up sometimes without realizing it. If they saved their credentials to IE then PassView will spit them back out at you.

http://www.nirsoft.net/utils/internet_explorer_password.html
0
 
masnrockConnect With a Mentor Commented:
You might be able to dig up something you if you use a forensics tool like Redline. Otherwise, if you have something like a web proxy, which now is not looking on the machine itself.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.