Re: digital surveillance techniques for forensics/penetration

• Previous message: Anders Thulin: "Re: hardware vs. john the ripper"
• In reply to: Kerri Sharp: "digital surveillance techniques for forensics/penetration"
• Next in thread: lists-mptruem-f25-com: "Re: digital surveillance techniques for forensics/penetration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 23 Jan 2004 09:12:44 -0500
To: forensics@securityfocus.com

Kerri,

On the open source side, you can use Tcpflow
(http://www.circlemud.org/~jelson/software/tcpflow/) or Ethereal
(www.ethereal.com). Two solid commercial tools are NetDetector
(www.niksun.com) and NetIntercept (www.sandstorm.net).

I wrote a paper comparing several open source and commercial tools for
this purpose - it will be published next month in the first issue of
Digital Investigation. You can request a free copy of the first issue at
http://www.compseconline.com/digitalinvestigation/.

Eoghan Casey

Kerri Sharp wrote:

>Hi List
>
>Anyone know of the tool which reconstructs captured data?? For example
>intercepted email with attachments or ftp data.
>
>I saw a flash demo sometime ago at www.sainstitute.org about digital
>surveillance techniques which they cover in DefensiveForensics and
>DefensiveHacking. This demo has since been
>removed :-( any ideas anyone?
>
>Thx
>Kerri
>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>
>
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Anders Thulin: "Re: hardware vs. john the ripper"
• In reply to: Kerri Sharp: "digital surveillance techniques for forensics/penetration"
• Next in thread: lists-mptruem-f25-com: "Re: digital surveillance techniques for forensics/penetration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]