Home page logo

basics logo Security Basics mailing list archives

RE: tools used to examine a computer
From: "Michael Parker" <mparker () rim net>
Date: Fri, 14 Feb 2003 12:38:05 -0500

Hi Joshua,

There's a multitude of tools that you can use for any number of purposes.  If you are interested in doing some data 
recovery, try Ontrack Easy Recovery.  If you suspect someone of doing something illegal or against policy you might try 
keylogging software such as Spector or Perfect KeyLogger.  What exactly are you trying to do?  


Michael,  MCP, GSEC, BCCSA
BlackBerry Technical Support 
Research in Motion, Ltd. 
Tel: 1-877-BLK-BERRY 
Email: help () BlackBerry net 
Web: www.BlackBerry.net <http://www.BlackBerry.net>  




        Wireless Enterprise Symposium  May 6-7, New Orleans, LA

Join RIM and the industry's leading technology companies, including AT&T Wireless, Consilient, HP, Motient and NetIQ at 
the Wireless Enterprise Symposium.  Hear from leaders and experts including Al Gore and Andrew Seybold.  Register by 
March 31st and receive a $200 discount off the standard registration fee!  

Visit: www.attendwes.com


For on-line technical assistance, please refer to our website: 
Technical FAQ: http://www.BlackBerry.net/knowledgecenter/livelink.exe 
Paging FAQ:   http://www.BlackBerry.net/support/paging/index.shtml 

-----Original Message-----
From: Hopkins, Joshua [mailto:joshua.hopkins () aruplab com]
Sent: February 13, 2003 6:41 PM
Cc: security-basics () securityfocus com
Subject: tools used to examine a computer

I could really use some help in finding a tool that will be used when and
employee gets terminated or when a computer gets broken into.  I had a
network breach happen from the inside and when I went and took the machine
back to the operation center I found that a login script was placed into the
admin account for that machine and the script erased the evidence.  I was
able to copy some files over the network before I took the computer into
custody. What tools are out there that can really be helpful in

Joshua R. Hopkins
Information Security Analyst
ARUP Laboratories
Salt Lake City, UT
tel.  801.583.2787 ext 3110
fax. 801.584.5108
josh.hopkins () aruplab com
 -----Original Message-----
From:   James Taylor [mailto:james_n_taylor () yahoo com] 
Sent:   Wednesday, February 12, 2003 7:56 PM
To:     Naman Latif
Cc:     security-basics () securityfocus com
Subject:        Re: Read Only Ethernet Cable

From google...



http://www.robertgraham.com/pubs/sniffing-faq.html - 3.6
How can I create a receive-only Ethernet adapter?

You use 2 cards, one in 'read-only' promiscous mode
sniffing the wire, the other connected to the management
network (& severly restricted) to communicate with the


--- Rory <nazgul () csn ul ie> wrote:
I'm assuming here by the information you've given so if
i'm wrong please
correct me. You want to make a cable that allows the
traffic to go in one
direction. the idea being that your snort box does not
send information
just receives it. I don't think you can do this with a
special cable as
ethernet need to be able to send acks back to let the
sending side know
that it received that data. So you will need to do this
at OS level not
with a special cable. If you were to do what you were
suggesting the
sending box would send only the number of packets in the
TCP window and
that would be it (it mayt resend them but in the end it
will just be a
small set of information ). you will need to do this with
chain rules.

If my assumptions were totally wrong sorry.


On Tue, 11 Feb 2003, Naman Latif wrote:

Can anyone tell me how to make a Read-Only Ethernet
Cable to be used
with Snort\Sniffer

IS this correct

LAN         Snort\Switch
1          1
2          2

Then on both sides, connect 1&2 to eachother ?

\\ Naman

Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]