Greetings, You could probably make a determination without deploying spyware. If you grab the MFT, analysis of it can tell you a lot about the user's activity. Get the prefetch files and registry hives. Get the various browser caches. Do traditional forensics .....
-David On May 25, 2013, at 9:26 PM, Dan Baxter <[email protected]> wrote: > Okay, yesterday at work, I was asked if I could deploy some spyware to a PC > to determine what a particular user is doing. The requestor was one of our > corporate attorneys, no less. > > The concern is that this individual is possibly accessing sensitive documents > and getting them to a competitor. I'm not at this location, so I don't know > the person, or the exact circumstances or requirements, yet. I have been > told he's the "unofficial IT guy" for this location, so he may be wary. > > At present, we don't block access to USB drives. We do block access to cloud > based storage (Dropbox, Copy, Skydrive, etc). > > Ironically, this is the same atty that helped shoot down a DLP project I was > working on earlier this year. I took gratification in pissing her off by > reminding her that this would be a perfect example of why we need one. > > Anyway, assuming I get signoff from HR and our Ethics department (still > questionable), are there any suggestions of what I could deploy? Also, I > realize some testing is going to need to be done to make sure it doesn't set > off alarms on his A/V. Any other pitfalls I need to be aware of? > > Thanks in advance. > > > Dan Baxter > ------------------------------------------------- > Quis custodiet ipsos custodes? > > "A sword never kills anybody; it is a tool in the killers hands."-Lucius > Annaeus Seneca, c.4BC-65AD > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
