Penetration Testing mailing list archives

RE: digital surveillance techniques for forensics/penetration
From: "Rob Shein" <shoten () starpower net>
Date: Fri, 23 Jan 2004 09:30:02 -0500

There are several tools, and the main question is: how pretty do you want
the tool to be?  There are myriad command-line tools for capturing various
types of communication, from IM to email to HTTP, in reader-usable form
(that is, not getting things like TCP sequence numbers or individual data
about packets, but instead showing you the content itself, in human-friendly
format).  The problem is, these tools stand alone, and have no real
management frontend; you get all the stuff, mixed together.  They work well
for their purpose though.  At the other end of the spectrum is, if it exists
anymore, SilentRunner, by Raytheon.  This is incredibly sophisticated, and
can track and capture all sorts of data, but it's crazy expensive, probably
does WAY more than what you're looking for, and tends to fall over like a
toothpick placed on end if subjected to much traffic, as many people have
noted.  Also, you mention forensics and pen-testing as applications; I think
the nature of your needs would differ greatly between those two roles.  The
command-line stuff is excellent for that, since you can always winnow the
wheat from the chaff of your capture later, while in a forensics role, you'd
end up taking too long to find the needle in the haystack while the incident
in question continues.  Which need is it you're looking to fulfill?

-----Original Message-----
From: Kerri Sharp [mailto:kerri () dancetonight com] 
Sent: Thursday, January 22, 2004 7:39 PM
To: forensics () securityfocus com; pen-test () securityfocus com
Subject: digital surveillance techniques for forensics/penetration

Hi List

Anyone know of the tool which reconstructs captured data?? 
For example intercepted email with attachments or ftp data.

I saw a flash demo some time ago at www.sainstitute.org about
digital surveillance techniques which they cover in 
DefensiveForensics and DefensiveHacking. This demo has since been 
removed :-( any ideas anyone?



