Threat Model: Parents

Mirimir mirimir at riseup.net
Sun May 31 19:14:10 PDT 2015


OK, stealth is the only option. The first requirement is a safe place
for communicating, researching, and downloading stuff. Doing that on a
compromised machine is most likely pointless.

I know nothing about parental monitoring software. But one could get a
good sense of its universe from searching.[0] Task Manager shows what's
running, but Process Explorer is much more informative.[1] It doesn't
require installation, or admin rights to run, and one can run it from a
USB flash drive. Its use will be logged, of course, but at least it
won't show up as an installed program.

Right-click on processes of interest, and select Properties. The
Environment tab shows where logs etc. might be found. The TCP/IP tab
shows network activity and remote IPs/hosts.

If there is stuff that requires admin rights to see, and there is some
private time, booting with a Linux LiveCD would be useful. makeuseof
recommends Hiren’s BootCD, The Ultimate Boot CD, and Knoppix.[2]

If there's no evidence of sophisticated efforts, it might be worth using
Portable VirtualBox[3,4] and an Ubuntu VM with LUKS.[5] However, using
Portable VirtualBox would likely require admin rights to install
drivers. It's fairly trivial to get admin rights in Windows.[6] And one
could reverse all changes after installing drivers needed for Portable
VirtualBox. But consequences of discovery might be painful.

[to be continued]

[0] https://search.disconnect.me/searchTerms/serp?search=46415e34-ef20-48fd-96b3-4ab927edf312
[1] https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
[2] http://www.makeuseof.com/tag/5-best-rescue-disks-windows-system-restore/
[3] http://www.vbox.me/
[4] http://www.howtogeek.com/188142/use-portable-virtualbox-to-take-virtual-machines-with-you-everywhere/
[5] http://mirror.pnl.gov/releases/14.04/ubuntu-14.04.2-desktop-i386.iso
[6] http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-even-if-you-dont-have-the-password.html



