Security Basics mailing list archives

RE: Computer forensics to uncover illegal internet use


From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Tue, 30 Aug 2005 10:38:48 -0400

It might be beneficial to drop a keylogger on the machine and record
data that way.  

Another neat idea is to put an NTOP box between your gateway and your
network.  It will record all outgoing/incoming traffic and correlate
IPs and MAC addresses.  However, this will not help you if the employee
is no longer employed with your company.

If you are doing a forensic investigation you should STOP right where
you are and DD image the drive.  You should not be doing any work on the
actual drive itself.  It might be beneficial to resubmit your inquiry to
the forensics forum.

JMB 

     =|   -----Original Message-----
     =|   From: Edmond Chow [mailto:echow () videotron ca] 
     =|   Sent: Tuesday, August 30, 2005 10:27 AM
     =|   To: security-basics () securityfocus com; Beauford, Jason
     =|   Cc: Edmond Chow
     =|   Subject: RE: Computer forensics to uncover illegal 
     =|   internet use
     =|   
     =|   Good morning Jason,
     =|   
     =|   Thank you to you and all who responded to me with 
     =|   their ideas.  I am wondering if there are any 
     =|   reference books available that would guide me through 
     =|   an investigation of this sort?  I am dealing with a 
     =|   case involving the viewing of child pornographic 
     =|   websites so I want to be careful to follow reference 
     =|   guidelines of some sort so that I don't end up in jail myself!
     =|   
     =|   Any help that you can provide in the form of links to 
     =|   articles and/or books on this subject would be 
     =|   greatly appreciated.
     =|   
     =|   Regards,
     =|   
     =|   
     =|   Edmond
     =|   
     =|   
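
The "DD image the drive" advice in the reply above, sketched as an added example that is not part of the original post: copy the source once with dd, hash both source and image, and keep the recorded hash next to the image so all later work is done on a verified copy. The function name `image_and_verify` and the paths in the usage line are assumptions; `sha256sum` from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post.
# image_and_verify SOURCE IMAGE
#   SOURCE: device or file to acquire (in practice attached read-only,
#           ideally behind a hardware write blocker)
#   IMAGE:  destination image file; must not already exist
# Returns 0 if the image hash matches the source hash, 1 on a copy or
# hash failure or mismatch, 2 if IMAGE already exists.
image_and_verify() {
    src=$1
    img=$2

    # Evidence images are write-once: never overwrite an earlier acquisition.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 2
    fi

    # noerror: keep going past unreadable sectors.
    # sync:    pad short reads with zeros so offsets stay aligned.
    # bs=512:  sector-sized blocks, so padding never changes the length of
    #          a source whose size is a multiple of 512 bytes.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1

    # Hash the source and the copy independently.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1) || return 1
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1) || return 1

    # Record the image hash in sha256sum's own format so it can be
    # re-checked later with: sha256sum -c IMAGE.sha256
    printf '%s  %s\n' "$img_hash" "$img" > "$img.sha256"

    # Drop write permission so analysis tools cannot alter the image.
    chmod a-w "$img"

    [ "$src_hash" = "$img_hash" ]
}

# Usage (hypothetical paths): sh image.sh /dev/sdb /evidence/case01.dd
if [ "$#" -eq 2 ]; then
    image_and_verify "$1" "$2"
fi
```
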

