Question : Porn website cookies

User brought his laptop to IT today complaining that it's infected with viruses. His assumption was correct as it was jacked up with root kits etc.

Went to go see the users browsing history and it was cleared which threw up a red flag. Checked his cookies and found 3 referencing a porn site.

His privacy is set to medium which appears to block 3rd party cookies for the most part but I want to be absolutely certain that he intentionally accessed porn before reporting him to HR. I like the guy a lot but policy is policy and his bug could have spread to our networks.

Is there any way to check the actual cookie to see if it is a 1st or 3rd party cookie. I understand the 1st party cookie to mean that he directly accessed the site and that is was no pop-up incident.

Any help is appreciated.

Answer : Porn website cookies

No I dont think so, a cookie is just that, a file that is created under a command like set_cookie on a programming language, who executed that software/webpage is only auditable using a logger or similar.