RE: digital surveillance techniques for forensics/penetration

From: Rob Shein (shoten@starpower.net)
Date: Fri Jan 23 2004 - 09:30:02 EST


There are several tools, and the main question is: how pretty do you want
the tool to be? There are myriad command-line tools for capturing various
types of communication, from IM to email to HTTP, in reader-usable form
(that is, not getting things like TCP sequence numbers or individual data
about packets, but instead showing you the content itself, in human-friendly
format). The problem is, these tools stand alone, and have no real
management frontend; you get all the stuff, mixed together. They work well
for their purpose though. At the other end of the spectrum is, if it exists
anymore, SilentRunner, by Raytheon. This is incredibly sophisticated, and
can track and capture all sorts of data, but it's crazy expensive, probably
does WAY more than what you're looking for, and tends to fall over like a
toothpick placed on end if subjected to much traffic, as many people have
noted. Also, you mention forensics and pen-testing as applications; I think
the nature of your needs would differ greatly between those two roles. The
command-line stuff is excellent for that, since you can always winnow the
wheat from the chaff of your capture later, while in a forensics role, you'd
end up taking too long to find the needle in the haystack while the incident
in question continues. Which need is it you're looking to fulfill
primarily?

> -----Original Message-----
> From: Kerri Sharp [mailto:kerri@dancetonight.com]
> Sent: Thursday, January 22, 2004 7:39 PM
> To: forensics@securityfocus.com; pen-test@securityfocus.com
> Subject: digital surveillance techniques for forensics/penetration
>
>
> Hi List
>
> Anyone know of the tool which reconstructs captured data??
> For example intercepted email with attachments or ftp data.
>
> I saw a flash demo sometime ago at www.sainstitute.org about
> digital surveillance techniques which they cover in
> DefensiveForensics and DefensiveHacking. This demo has since been
> removed :-( any ideas anyone?
>
> Thx
> Kerri
>
>
>
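As an added example (not from the thread, and not code from any tool named in it), here is the core of what the question calls "reconstructing captured data": ordering captured TCP segments by sequence number, then parsing the SMTP DATA section as MIME to list its attachments. The capture is a constructed in-memory sample of one direction of an SMTP session, not real traffic, and the segment splitting is simplified (relative sequence numbers, no dot-stuffing).

```python
import base64
from email import message_from_bytes

# Constructed sample: the client side of an SMTP session carrying a MIME message.
ATTACHMENT = b"PK\x03\x04 not really a zip, just constructed bytes\n"
MIME_BODY = (
    b"From: alice@example.test\r\nTo: bob@example.test\r\n"
    b"Subject: report\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XYZ"\r\n\r\n'
    b"--XYZ\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--XYZ\r\nContent-Type: application/zip\r\n"
    b'Content-Disposition: attachment; filename="report.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(ATTACHMENT) + b"\r\n--XYZ--\r\n"
)
SMTP_STREAM = (b"EHLO client.test\r\nMAIL FROM:<alice@example.test>\r\n"
               b"RCPT TO:<bob@example.test>\r\nDATA\r\n" + MIME_BODY + b".\r\nQUIT\r\n")

def split_into_segments(stream, size=40):
    """Cut the stream into (relative_seq, payload) segments as a capture might hold them."""
    segs = [(i, stream[i:i + size]) for i in range(0, len(stream), size)]
    return segs[::-1] + [segs[2]]  # arrive out of order, plus one retransmission

def reassemble(segments):
    """Order segments by sequence number, dropping duplicates and trimming overlaps."""
    out, expected = bytearray(), 0
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq + len(payload) <= expected:
            continue  # full duplicate (retransmitted segment)
        if seq < expected:
            payload = payload[expected - seq:]  # partial overlap
        elif seq > expected:
            raise ValueError(f"gap in capture at seq {expected}")
        out += payload
        expected += len(payload)
    return bytes(out)

def extract_message(stream):
    """Carve the SMTP DATA section (up to the lone '.' line) into an email object."""
    start = stream.index(b"DATA\r\n") + len(b"DATA\r\n")
    end = stream.index(b"\r\n.\r\n", start)
    return message_from_bytes(stream[start:end])

def attachments(msg):
    """Return (filename, decoded bytes) for every attachment part in the message."""
    return [(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_content_disposition() == "attachment"]
```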




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT