RE: Computer forensics to uncover illegal internet use

From: Beauford, Jason (jbeauford_at_EightInOnePet.com)
Date: 08/30/05

  • Next message: Dave Aronson (SecBasics): "Re: Computer forensics to uncover illegal internet use"
    Date: Tue, 30 Aug 2005 10:38:48 -0400
    To: "Edmond Chow" <echow@videotron.ca>, <security-basics@securityfocus.com>
    
    

    It might be beneficial to drop a keylogger on the machine and record
    data that way.

    Another neat idea is to put an NTOP box between your gateway and your
    network. It will record all outgoing/incoming traffic and correlate
    IPs and MAC addresses. However, this will not help you if the employee
    is no longer employed with your company.

    If you are doing a forensic investigation you should STOP right where
    you are and DD image the drive. You should not be doing any work on the
    actual drive itself. It might be beneficial to resubmit your inquiry to
    the forensics forum.

    JMB

         =| -----Original Message-----
         =| From: Edmond Chow [mailto:echow@videotron.ca]
         =| Sent: Tuesday, August 30, 2005 10:27 AM
         =| To: security-basics@securityfocus.com; Beauford, Jason
         =| Cc: Edmond Chow
         =| Subject: RE: Computer forensics to uncover illegal
         =| internet use
         =|
         =| Good morning Jason,
         =|
         =| Thank you to you and all who responded to me with
         =| their ideas. I am wondering if there are any
         =| reference books available that would guide me through
         =| an investigation of this sort? I am dealing with a
         =| case involving the viewing of child pornographic
         =| websites so I want to be careful to follow reference
         =| guidelines of some sort so that I don't end up in jail myself!
         =|
         =| Any help that you can provide in the form of links to
         =| articles and/or books on this subject would be
         =| greatly appreciated.
         =|
         =| Regards,
         =|
         =|
         =| Edmond
         =|
         =|
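
The "DD image the drive" step from the reply above, as an added example that is not part of the original post: a shell function that images a source with dd, confirms by SHA-256 that the copy is bit-identical, and leaves a read-only master so no work happens on the original. The function name, the log format and the use of sha256sum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): image a source with dd and
# prove the copy is bit-identical before any analysis touches it.
# Assumptions: sha256sum is installed; the function name, log format and
# file naming are illustrative. On real hardware, attach the drive
# through a write blocker and pass its device node as SRC.

# image_and_verify SRC IMG
# Returns 0 if IMG was written and its SHA-256 equals SRC's.
image_and_verify() {
    src=$1
    img=$2
    log="$img.log"

    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2; return 2
    fi
    # Never overwrite an existing image: it may already be evidence.
    if [ -e "$img" ]; then
        echo "refusing to overwrite: $img" >&2; return 3
    fi

    # dd opens if= read-only, so the source is never written to.
    # No conv=noerror here: a read error aborts instead of silently
    # producing an image that differs from the source.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 4

    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)

    # Record both hashes and the time so the copy can be re-verified later.
    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source=$src"
        echo "source_sha256=$src_hash"
        echo "image_sha256=$img_hash"
    } > "$log"

    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: image is not a faithful copy" >&2; return 5
    fi

    # Keep a pristine read-only master; analyse working copies of it.
    chmod 444 "$img" "$log"
    return 0
}
```

Examination then runs against a working copy of the image, and re-hashing that copy against the logged value shows whether it has changed since acquisition.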

