Re: keylogger?
From: PowerCuff (powercuff@accesswave.ca)Date: 01/25/02
- Previous message: Holmes, Ben: "RE: I've been hurt by an e-mail virus ! What virus is it ?"
- In reply to: John Daniele: "Re: keylogger?"
- Next in thread: Michael Ullrich: "Re: Re: keylogger?"
- Maybe reply: Michael Ullrich: "Re: Re: keylogger?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "PowerCuff" <powercuff@accesswave.ca> To: "John Daniele" <johnd@tsintel.com> Date: Thu, 24 Jan 2002 21:39:55 -0800
Hi all,
John raises some very interesting points! MAKE sure that you know what you
are looking for, your end goal and the appropriate steps to get you there.
If you can't articulate these three items, perhaps you should consider
whether or not anything that you capture with a logger will be of any use??
/ will you know what to do with it once it is collected??
I echo John's comments re: prosecution/law enforcement with tied hands. I
have worked with law enforcement and their biggest complaint is companies
that taint evidence that results in on-going investigations / new legal
proceedings from falling flat b/c the evidence (and associated evidence) is
thrown out.
Also why prefer not running as Admin?? You do have admin rights / or are a
Security professional within this company?? / are actually empowered to
install this type of data gathering tool on a companies system. If not then
you are asking the wrong group!
Ciao
~P
----- Original Message -----
From: "John Daniele" <johnd@tsintel.com>
To: "Michael Ullrich" <ullmic6@web.de>
Cc: <security-basics@securityfocus.com>
Sent: Wednesday, January 23, 2002 11:26 AM
Subject: Re: keylogger?
>
> Hi Michael,
>
> Before even considering the specifics of installing surveillance devices,
> do consider what you are trying to accomplish. Be clear as to what your
> company's intentions are. Are they to simply fire this individual or
> perhaps press charges. Perhaps you have already done this, but in either
> case I would advise you to review your company's HR policies before
> proceeding. Ensure that your HR policy specifically states that your
> employees may be closely monitored for internal security purposes. Also
> ensure that the suspect has signed off understanding and acceptance of
> these policies. If not, you may want to coordinate this operation with
> your company's lawyers as you may or may not be violating this
> individual's privacy rights, if any.
>
> If your company does intend to press charges, I would encourage you to
> enlist the services of a computer forensic investigator to assist in
> collecting evidence that can be admissible in the court of law. There are
> very strict procedures that need to be followed in order to meet
> admissibility requirements. Also consider the possibility that this
> individual files a wrongful dismissal suit. Having evidence on your side
> collected in accordance with the law may help prevent the suit from
> progressing any further.
>
> Also consider the possibility that once you begin monitoring this
> individual, you are witness to other, unrelated, criminal acts. You may be
> required by law to report this activity to the proper law enforcement
> authority. If proper procedure was not followed from the beginning, that
> evidence may or may not be admissible; making law enforcement's job that
> much more difficult.
>
>
> ----------------------------------
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: johnd@tsintel.com
> Web: http://www.tsintel.com
> ----------------------------------
>
>
> On Wed, 23 Jan 2002, Michael Ullrich wrote:
>
> > It looks like as if somebody in our company is misusing
> > the pcs of others. We have already changed passwords and stuff.
> > But nevertheless I want to install some kind of logging software on pcs
> > which we left open. The audit policy on NT4 (which is the os of those
> > pcs) is not enough. Does anybody know good logging software that is
> > free. It would be good if this could be installed without
> > Admin rights.
> >
> > Thanx
> > Mike
> >
> >
____________________________________________________________________________
__
> > 100 MB gute Gründe. Jetzt im WEB.DE Club anmelden und Prämie sichern!
> > Superstars, Topevents und Wunschrufnummer inklusive - http://club.web.de
> >
> >
>
>
- Previous message: Holmes, Ben: "RE: I've been hurt by an e-mail virus ! What virus is it ?"
- In reply to: John Daniele: "Re: keylogger?"
- Next in thread: Michael Ullrich: "Re: Re: keylogger?"
- Maybe reply: Michael Ullrich: "Re: Re: keylogger?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
