The Mudcat Café TM
Thread #53542 Message #825522
Posted By: JohnInKansas
13-Nov-02 - 04:19 PM
Thread Name: Tech: Checking a computers history
Subject: RE: Tech: Checking a computers history
Assuming that these are Windows machines, you should already have gone into Windows Explorer and set "Tools - Folder Options" on the View tab to "show all files," and should "uncheck" the "hide file extensions for known file types."
When you set the "show all files" you should be able to see any hidden files in Explorer. The reason for NOT hiding file extensions is the frequent use of "double-dot" filenames (file.doc.exe) in viruses - if you don't show the extensions, you won't see that it's an "abnormal file" before you open it.
Unless you are using Win2K or WinXP-Pro, there are few log files that will be kept under ordinary circumstances (i.e. a malfunction may trigger a log in some older Win systems). Even in the "new" Win versions, the logs will consist only of lists of files opened and closed, by their file names. System logs do not keep copies of the files themselves.
If you're on one of the operating systems that actually keeps detailed logs, you must be logged on as "Administrator" in order to see them. If you don't have full access, the person who could give it to you is probably in a better position to do this kind of "investigation" for you than you are - even if you could get the "permission" reset.
The only place where "downloaded files" are normally kept is in Temporary Internet Files, and these should self-delete when (if) you close your browser (although they don't always). The normal location is at C:\Windows\Temporary Internet Files\; and, with the Explorer options set as above, you should be able to see everything there.
On Win2K or XP-Pro, there will be a separate "Temporary Internet Files" location for each individual user, at something like C:\Documents and Settings\Username\Local Settings\Temporary Internet Files\, with a separate "tree" for each "Username." Cookies will be here, and possibly duplicated in lower "incident" directories. Any actual "pictures" would be in \Temporary Internet Files\Internet Content. If your "suspect" is fairly knowledgeable, he may have deleted the "download" files, but may have left cookies that show where he's been.
In these systems there is also a C:\Documents and Settings\Username\Local Settings\History\ folder that keeps a list of links used - usually for the past week, at least. In older systems, there is usually a similar history file, but it's typically hidden in your browser folder(s) somewhere.
In Internet Explorer, the "Tools - Internet Options" lets a user control how far back the history folder will go. If your "suspect" has set the history roller back to something very short, there will be little information on the machine. Conversely, if you set your history back to a short interval, once that time has passed, there is no record on the machine of what sites have been visited except (on Win2K, XP, NT maybe) for the Administrator's log of system activity. If you're interested in a "defensive posture," setting a fairly long time would give you "proof" that your machine hasn't been anywhere since you've had it.
As indicated by Dave Bryant above, any pictures from "porn sites" or elsewhere would be downloaded as "files with Graphic File suffixes i.e. .JPG .GIF .BMP .TIF etc." You can put each of these into a search in Win Explorer, and see if there are any present. If you find anything objectionable, whether to delete or "preserve for evidence" is up to you, although if you decide to "build a case" it is imperative that you have a witness to what you are doing, and a written record (preferably initialed by you and the witness) for each "preserved artifact." Your system administrator or corporate security is a good choice.
A caution: since the graphic file extensions are so obvious, your "suspect" may have used the expedient of pasting the pictures into something like a Word .doc so he/she can delete the original graphic files. A look at whether .doc (and PowerPoint etc) files appear to have business related content would also be in order.
In any "corporate system" environment (i.e. even if you just use their Internet connection), it is probably unwise to install "snoop software" (or any software) without the support of the "IT" department. And if your suspicions are reasonable, they should "do it for you."
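The manual Explorer search the post describes (graphic-file suffixes, "double-dot" names like file.doc.exe, and a written record of each preserved artifact) can be scripted so the same pass is repeatable and leaves a hash manifest behind. The script below is an added example, not code from the post or the thread. It goes one step past the post's advice: besides matching extensions it reads each file's leading bytes, so a picture renamed to notes.txt (the kind of hiding the post warns about) is still reported. The extension lists and image signatures are my own assumptions, not anything the post states, and the profile it scans is a constructed temporary directory with hand-made bytes, not real user data. Run it against a real profile (for example the Temporary Internet Files tree the post names) only from an account allowed to read it, and keep the printed manifest with your witnessed written record.

```python
"""Triage a directory tree the way the post's Explorer search does, plus content sniffing.

Added example; not the forum post's own procedure. Suffix lists and magic bytes are
assumptions made for illustration; the sample tree is constructed in a temp directory.
"""
import hashlib
import tempfile
from pathlib import Path

# Graphic suffixes the post suggests searching for, plus a couple of common ones (assumed list).
GRAPHIC_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".tif", ".tiff", ".png"}
# Document-like suffixes a "double-dot" name would use as the decoy part (assumed list).
DECOY_EXTS = GRAPHIC_EXTS | {".doc", ".txt", ".pdf", ".xls", ".ppt", ".htm", ".html"}
# Suffixes Windows runs on double-click (assumed short list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Leading bytes of common image formats, used to spot pictures saved under a non-graphic name.
IMAGE_MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"BM", "bmp"),
    (b"II*\x00", "tiff"),
    (b"MM\x00*", "tiff"),
]


def is_double_extension(name: str) -> bool:
    """True for names like file.doc.exe: executable last suffix with a decoy suffix before it."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def sniff_image(path: Path):
    """Return the image format implied by the file's first bytes, or None if it is not a known image."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for signature, fmt in IMAGE_MAGIC:
        if head.startswith(signature):
            return fmt
    return None


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so the manifest works for large files too."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root) -> dict:
    """Walk root and collect the findings a reviewer would want to write down."""
    root = Path(root)
    findings = {"double_ext": [], "graphics": [], "renamed_images": [], "manifest": {}}
    files = sorted((p.relative_to(root).as_posix(), p) for p in root.rglob("*") if p.is_file())
    for rel, path in files:
        ext = path.suffix.lower()
        findings["manifest"][rel] = sha256_of(path)  # one hash per artifact for the record
        if is_double_extension(path.name):
            findings["double_ext"].append(rel)
        if ext in GRAPHIC_EXTS:
            findings["graphics"].append(rel)
        fmt = sniff_image(path)
        if fmt is not None and ext not in GRAPHIC_EXTS:
            findings["renamed_images"].append((rel, fmt))  # picture hiding under another suffix
    return findings


def build_sample_tree(base) -> Path:
    """Constructed sample profile: the bytes are hand-made headers, not real user files."""
    base = Path(base)
    sample = {
        "pics/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,        # genuine JPEG header
        "pics/logo.gif": b"GIF89a" + b"\x00" * 32,                   # genuine GIF header
        "docs/report.doc": b"\xd0\xcf\x11\xe0" + b"report text" * 4,  # ordinary document
        "docs/invoice.doc.exe": b"MZ" + b"\x00" * 64,                # double-dot executable
        "hidden/notes.txt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,     # PNG renamed to .txt
    }
    for rel, data in sample.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base


def demo() -> dict:
    """Build the constructed tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_tree(tmp))


if __name__ == "__main__":
    result = demo()
    for key in ("double_ext", "graphics", "renamed_images"):
        print(key, result[key])
    for rel, digest in result["manifest"].items():
        print(f"{digest}  {rel}")
```

On the constructed tree this reports docs/invoice.doc.exe as a double-dot name, the two files under pics/ as graphics by suffix, and hidden/notes.txt as a PNG hiding under a text suffix, with a SHA-256 line for every file. Pictures pasted into a Word file, the other hiding place the post mentions, are not caught by a header check on the .doc itself; that still calls for opening the documents.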