Re: keylogger?

From: PowerCuff (powercuff@accesswave.ca)
Date: 01/25/02 

From: "PowerCuff" <powercuff@accesswave.ca>
To: "John Daniele" <johnd@tsintel.com>
Date: Thu, 24 Jan 2002 21:39:55 -0800

Hi all,

John raises some very interesting points! MAKE sure that you know what you
are looking for, your end goal and the appropriate steps to get you there.
If you can't articulate these three items, perhaps you should consider
whether or not anything that you capture with a logger will be of any use??
/ will you know what to do with it once it is collected??

I echo John's comments re: prosecution/law enforcement with tied hands. I
have worked with law enforcement and their biggest complaint is companies
that taint evidence that results in on-going investigations / new legal
proceedings from falling flat b/c the evidence (and associated evidence) is
thrown out.

Also why prefer not running as Admin?? You do have admin rights / or are a
Security professional within this company?? / are actually empowered to
install this type of data gathering tool on a companies system. If not then
you are asking the wrong group!

Ciao

~P
----- Original Message -----
From: "John Daniele" <johnd@tsintel.com>
To: "Michael Ullrich" <ullmic6@web.de>
Cc: <security-basics@securityfocus.com>
Sent: Wednesday, January 23, 2002 11:26 AM
Subject: Re: keylogger?

>
> Hi Michael,
>
> Before even considering the specifics of installing surveillance devices,
> do consider what you are trying to accomplish. Be clear as to what your
> company's intentions are. Are they to simply fire this individual or
> perhaps press charges. Perhaps you have already done this, but in either
> case I would advise you to review your company's HR policies before
> proceeding. Ensure that your HR policy specifically states that your
> employees may be closely monitored for internal security purposes. Also
> ensure that the suspect has signed off understanding and acceptance of
> these policies. If not, you may want to coordinate this operation with
> your company's lawyers as you may or may not be violating this
> individual's privacy rights, if any.
>
> If your company does intend to press charges, I would encourage you to
> enlist the services of a computer forensic investigator to assist in
> collecting evidence that can be admissible in the court of law. There are
> very strict procedures that need to be followed in order to meet
> admissibility requirements. Also consider the possibility that this
> individual files a wrongful dismissal suit. Having evidence on your side
> collected in accordance with the law may help prevent the suit from
> progressing any further.
>
> Also consider the possibility that once you begin monitoring this
> individual, you are witness to other, unrelated, criminal acts. You may be
> required by law to report this activity to the proper law enforcement
> authority. If proper procedure was not followed from the beginning, that
> evidence may or may not be admissible; making law enforcement's job that
> much more difficult.
>
>
> ----------------------------------
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: johnd@tsintel.com
> Web: http://www.tsintel.com
> ----------------------------------
>
>
> On Wed, 23 Jan 2002, Michael Ullrich wrote:
>
> > It looks like as if somebody in our company is misusing
> > the pcs of others. We have already changed passwords and stuff.
> > But nevertheless I want to install some kind of logging software on pcs
> > which we left open. The audit policy on NT4 (which is the os of those
> > pcs) is not enough. Does anybody know good logging software that is
> > free. It would be good if this could be installed without
> > Admin rights.
> >
> > Thanx
> > Mike
> >
> >
____________________________________________________________________________
__
> > 100 MB gute Gründe. Jetzt im WEB.DE Club anmelden und Prämie sichern!
> > Superstars, Topevents und Wunschrufnummer inklusive - http://club.web.de
> >
> >
>
>

Relevant Pages

  • Win XP home upgrade
    ... you can install it as many times as you ... on as many PCs as you want. ... I know that if you sell or give away ... >purchased, you are requied, by law, to remove it from ...
    (microsoft.public.windowsxp.general)
  • Re: hard cases make bad law
    ... The guy in question either broke the law or he did not break the law. ... Mr. Holt said he was responding to new evidence presented to him and other ... They charge that the government has intentionally withheld that material ... formal referral from Congress for investigation would make it easier for ...
    (soc.retirement)
  • Re: Ball tampering can go unseen on cameras says Sanjay
    ... EVIDENCE that SRT REALLY TAMPERED the ball in SA. ... There is no problem with the law, it is the same for everyone. ... When the LAW is FUCKED UP, umpires have to EXERCISE GOOD JUDGEMENT because ...
    (rec.sport.cricket)
  • Re: OT: Bush insults BBC Editor
    ... You would give the benefit of law to the Devil himself. ... watch Chris Wallace interview some Dem Senator named Russ Feingold on ... Feingold admits that he has NOTHING ... --absolutely no evidence of any wrong doing at all. ...
    (rec.arts.theatre.musicals)
  • Re: why do countries become democracies?
    ... It was in my opinion illegal. ... with evidence for the legal situation. ... bank but let's just set aside the law. ... A cite is a reference to a piece of text where someone lays out the ...
    (talk.origins)