Home > Guides > Security > General Security and Privacy

Security Reference Guide

Hosted by

Toggle Open Guide Table of ContentsGuide Contents

Close Table of ContentsGuide Contents

Close Table of Contents

How to Catch a Cheating Spouse

Last updated May 23, 2003.

For several years I have provided a wide range of articles and discussions on how you can use technology, policies, and devices to help secure your systems. While we at InformIT have received a lot of positive feedback over the years from our readers, the reality is that the content contained in the security section is fairly technical in nature and is targeted at people in the security community. This week our update is not specifically for this group of people — instead it is for those who operate outside the realm of computer security, but due to unfortunate circumstances, find themselves in dire need of some advice.

There is a back story to this update. While the details are beyond the scope of an update, the short version is that someone came to me for help because they had no idea what to do or even what was capable with regards to monitoring how their family computer was being used in a suspected affair. So, this update is for those people who need guidance and suggestions on "How to Catch Your Cheating Spouse."

Where Have They Been?

There are three main ways that a computer can be used to communicate with someone: email, chat, and the browser. Of these, the primary source of informative data as to what a person is up to can be found in the browser. Specifically, every time a user visits a website, the computer will store three pieces of information about that visit on the local system. First, the browser (e.g. Internet Explorer) will download each and every webpage that the user looks at on the local computer. Second, the browser will keep track of the fact that the user visited the site in the History log, which keeps track of all websites viewed in the browser (Note: pages viewed over an HTTPS connection are not stored). Finally, the web browser will typically also store cookie data, which are used by web sites to store pieces of information on the user’s computer to make the browsing experience more unique for the visitor.

If you are wondering how a browser can be used to instigate an affair, then you need to understand the fact that there are numerous sites out there dedicated to connecting people. In fact, many of these sites all but promote promiscuous activities with their slogans (i.e. "IT’S OK TO LOOK"). Here are a few of the more popular: Match.com, MatureSingles.com, Craigslist.com, Facebook.com, or even Manhunt.net (Note: many of these sites may not be safe for work (NSFW)). Regardless of sexual preference, type of desired relationship, age, or location, it is fairly easy for someone to find a short-term relationship via the internet. So, how can you build an online profile of the significant other in your life? The following will provide you with a screen shot and commentary of what you can look for when reviewing the files left behind by someone after they visited sites online.

History

When a user types in a URL such as http://www.match.com, or clicks on a link in an email or on a webpage that takes them to a website, that URL will be stored in the history file. All browsers create this file incase the user wants to attempt to recreate the path they took during their online time. I for one have used the history to look up various sites that I had visited, and wanted to return to. Without the history file, I would have been forced to try to hunt my way back to the website.

All this said, the history file can also provide you with a very detailed list of the sites the computer has been used to visit. To access this list, you only need to hit the CTRL and H key on the keyboard. If you are using a Mac, then the key command is Command-Shift-H. From here, it is just a matter of looking through the list of sites to see if there are some suspicious listings (figure 1).

Figure 1

Figure 1: Browser History

Cookies

As previously mentioned, it is quite common for websites to use cookies to create a more exciting and interactive user experience. For example, if you visit http://www.weather.com and enter your zip code, it will be linked to an assigned value that will be stored in a cookie on your computer. The next time you visit weather.com, the cookie data will passed to their web server, where it will be matched with the zip code you entered. The web server then knows your "location" and will show you the weather associated with the stored zip code.

While a valuable tool for web developers, cookies are a great secondary source of history tracking because they are often overlooked as a valuable source of information. Due to the rampant use of cookies, it is fairly easy to create an abstract portrait of what a computer user is up to if the history is not available (more on this later). In fact, if your significant other is so foolish as to check the box included on many sites that says "Remember me"(figure 2), the stored cookie will give you full access to their account.

Figure 2

Figure 2: Example of a "Remember Me" check box

To view these cookies, you will need to do one of the follow, depending on the browser. If you are using Firefox, then you will want to click on Tools -> Options -> Privacy and the [Show Cookies] button. In the case of Internet Explorer, your browsers cookies are managed and viewed along with the Temporary Internet Files.

Figure 3

Figure 3: A list of cookies on a computer

Temporary Files

By far, the holy grail of internet activity can be found in the Temporary Files store. This is the location that keeps the files that are downloaded as part of normal internet activity. Whether it is a web page that is viewed or a file that is downloaded, it will be stored in this location. This includes the full content of web-based email, images that were viewed, and movies that were downloaded.

To view this information, you only needed to type "about:cache" in Firefox or go to Tool -> Internet Options... and click the [Settings] button (figure 4) and then the [View Files...] button. Incidentally, it is this separation of Temporary Files and History management in Internet Explorer that makes the Temporary Files an often missed item when a cheating spouse attempts to clean up after themselves.

Figure 4

Figure 4: Viewing the Cache/Temporary Files in Internet Explorer

Who Are They Talking To?

One other method of connecting to people on the internet is via chat programs. Unfortunately, there is little in the way of a record of communication unless the chat program has the ability to record chat sessions, which may be disabled. That said, and depending on the program, it wouldn’t take much to enable the recording of the chat session which will dump the conversations to a locally stored log file. Assuming the installed chat program has the ability, you will typically find it under the Tools -> Preferences or Options menu. Figure 5 provides you with a screenshot of the Message History option in Windows Live Messenger.

Figure 5

Figure 5: Chat Logs In Windows Live Messenger

When That Doesn’t Work...

In our particular case, the suspected spouse was clearing out the cache after every online session and they were using a browser based chat program to communicate, which meant no log files. While the history/cookie/temporary files would have made the whole investigation easier and faster, the lack of these files is only a minor obstacle to obtaining the necessary evidence, assuming there is any.

There are three main ways to catch a spouse with a clue: forensics analysis of the computer, a device you can install on your local network to monitor the data passing between the computer and the Internet, or a backdoor monitoring program. The follow provides an overview of what these options can do for you.

Forensic Analysis

First, this will not be cheap because it will require a forensics expert. This expert will obtain a copy of the drive and perform analysis of the data on the drive to detect and recover deleted files, which really are rarely properly deleted. There are several ways this can be accomplished; the easiest of which is to create a copy of the drive and then perform the research in a lab.

Install a Network Analyzer

Again, this will not be cheap because it will require someone to install the necessary software/hardware to capture the emails, chat data, etc. that is sent to/from the internet, and interpret this data. One advantage to this method is that it can capture data regardless of the program. If we would have used this method in our scenario, we would have had full access to the chat sessions, web sites viewed, personal web based email, and more. However, this method will not collect any HTTPS encrypted traffic, which would include items like usernames/passwords, etc.

Install a Backdoor Program

One of the major annoyances of being online is the constant threat of being infected with a virus. Ironically, this type of software can be used intentionally to spy on a computer's user. With this kind of spyware, it is possible to record key strokes, capture screen shots, view all system activity, and much more. In fact, this software can even become invisible to the computer user and be accessible only if you know the right key combination and have the right password.

There are numerous sites that sell this type of software, and if you know where to look, you can even find programs that do this for free. SpectorSoft, SpyAgent, PoisonIvy, ActualSpy, and more are all easily available with a quick search at Google.com. For this particular case, the spouse selected SpyAgent and installed it as a hidden program on the home computer. Figure 6 provides a screenshot of the control panel.

Figure 6

Figure 6: SpyAgent Control Panel

As figure 6 illustrates, this program will provide you with a plethora of tools and functionality that can help you find out what your computer is being used for. Note that you will need to configure your Antivirus software to play nice with the software. This is typically as simple as accessing the settings of the AV software and adding an exception for the spouse monitoring software. In addition, you will need to disable the User Account Control feature if using Vista.

Summary Advice

As we have illustrated, there is a lot a person can do if they suspect their spouse is up to no good. However, just because these monitoring and spying options are available does not necessarily mean you should jump in with no regard for the Pandora’s Box of issues that crossing this line will create. First, understand that there are numerous legal issues involved. For example, if the computer is owned specifically by the spouse or their employer, you can get in big trouble messing with anything on the system. Second, you cannot use all the information you might find — such as their Hotmail account credentials. While it might be very tempting to find out what kinds of emails are in their personal account, accessing that account could get you in big trouble. So, before you do anything, CONTACT A LAWYER!

Finally, once you do cross that line of personal and private, it creates a difficult ethical dilemma. In other words, once you determine it is OK to spy on your spouse, you are essentially saying you might do this for anyone. In addition, since you are OK with the idea of spying on someone, then it becomes very hard to make the point that they can’t spy on you.

InformIT Articles and Sample Chapters

Frank Remarks: I Spy: Keeping an Eye on Your Competition — Not all spying is done in the home or office. In this article, Frank Fiore discusses corporate spying, also know as competitive business intelligence. So, if you are looking to get some specialized private eye type of information related to a competitor, check out this article.

Books and eBooks

Own Your Space: Keep Yourself and Your Stuff Safe Online — While our article is focused on the adult community, the same type of technology can be used to spy on your kids. However, when it comes to your teens who probably know as much about computers as their parents, if not more, the details of how to manage and protect their online lives has to be handled differently. This book and sample chapter was written for the emerging computer friendly generation, and offers the tips and information they need to survive safely online.