Security Basics mailing list archives
Re: help with forensics on a desktop computer
From: H Carvey <keydet89 () yahoo com>
Date: 16 Nov 2004 20:04:46 -0000
In-Reply-To: <1100433041.854.1.camel@anathema>

xyberpix,

> Install a keylogger on the machine, then you should be able to see if anyone else gains access.

Perhaps you can specify a specific keylogger, as most that I am familiar with monitor keyboard interrupts...since the keyboard for a remote attacker isn't attached to the system, maybe you can specify a particular keylogger to use (by name and where to get it) that will monitor what's typed in over a remote connection.

> The evidence for this they have gathered from Norton Tools

Have you looked at this evidence? I'd start there. I'd also try to find out from the user what sorts of symptoms they are seeing. Too many admins simply accept that a system is infected w/ a virus b/c the user says so, without pursuing any troubleshooting or evidence collection of their own...and many times, this can be bad.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com