Penetration Testing mailing list archives
RE: digital surveillance techniques for forensics/penetration
From: "Rob Shein" <shoten () starpower net>
Date: Fri, 23 Jan 2004 09:30:02 -0500
There are several tools, and the main question is: how pretty do you want the tool to be? There are myriad command-line tools for capturing various types of communication, from IM to email to HTTP, in reader-usable form (that is, not getting things like TCP sequence numbers or individual data about packets, but instead showing you the content itself, in human-friendly format). The problem is, these tools stand alone, and have no real management frontend; you get all the stuff, mixed together. They work well for their purpose though.

At the other end of the spectrum is, if it exists anymore, SilentRunner, by Raytheon. This is incredibly sophisticated, and can track and capture all sorts of data, but it's crazy expensive, probably does WAY more than what you're looking for, and tends to fall over like a toothpick placed on end if subjected to much traffic, as many people have noted.

Also, you mention forensics and pen-testing as applications; I think the nature of your needs would differ greatly between those two roles. The command-line stuff is excellent for that, since you can always winnow the wheat from the chaff of your capture later, while in a forensics role, you'd end up taking too long to find the needle in the haystack while the incident in question continues. Which need is it you're looking to fulfill primarily?
-----Original Message-----
From: Kerri Sharp [mailto:kerri () dancetonight com]
Sent: Thursday, January 22, 2004 7:39 PM
To: forensics () securityfocus com; pen-test () securityfocus com
Subject: digital surveillance techniques for forensics/penetration

Hi List

Anyone know of the tool which reconstructs captured data?? For example intercepted email with attachments or ftp data.

I saw a flash demo sometime ago at www.sainstitute.org about digital surveillance techniques which they cover in DefensiveForensics and DefensiveHacking. This demo has since been removed :-(

any ideas anyone?

Thx
Kerri