Hi Joshua, There's a multitude of tools that you can use for any number of purposes. If you are interested in doing some data recovery, try Ontrack Easy Recovery. If you suspect someone of doing something illegal or against policy you might try keylogging software such as Spector or Perfect KeyLogger. What exactly are you trying to do?
Regards, Sincerely, Michael, MCP, GSEC, BCCSA BlackBerry Technical Support Research in Motion, Ltd. Tel: 1-877-BLK-BERRY Email: [EMAIL PROTECTED] Web: www.BlackBerry.net <http://www.BlackBerry.net> ******************************************************************************************** Wireless Enterprise Symposium May 6-7, New Orleans, LA Join RIM and the industry's leading technology companies, including AT&T Wireless, Consilient, HP, Motient and NetIQ at the Wireless Enterprise Symposium. Hear from leaders and experts including Al Gore and Andrew Seybold. Register by March 31st and receive a $200 discount off the standard registration fee! Visit: www.attendwes.com ******************************************************************************************** For on-line technical assistance, please refer to our website: Technical FAQ: http://www.BlackBerry.net/knowledgecenter/livelink.exe <http://www.BlackBerry.net/knowledgecenter/livelink.exe> Paging FAQ: http://www.BlackBerry.net/support/paging/index.shtml <http://www.blackberry.net/support/paging/index.shtml> -----Original Message----- From: Hopkins, Joshua [mailto:[EMAIL PROTECTED]] Sent: February 13, 2003 6:41 PM Cc: [EMAIL PROTECTED] Subject: tools used to examine a computer I could really use some help in finding a tool that will be used when and employee gets terminated or when a computer gets broken into. I had a network breach happen from the inside and when I went and took the machine back to the operation center I found that a login script was placed into the admin account for that machine and the script erased the evidence. I was able to copy some files over the network before I took the computer into custody. What tools are out there that can really be helpful in monitoring/forensics. Joshua R. Hopkins Information Security Analyst ARUP Laboratories Salt Lake City, UT tel. 801.583.2787 ext 3110 fax. 801.584.5108 [EMAIL PROTECTED] -----Original Message----- From: James Taylor [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 7:56 PM To: Naman Latif Cc: [EMAIL PROTECTED] Subject: Re: Read Only Ethernet Cable >From google... http://www.silicondefense.com/techsupport/ro-ethernet.htm http://www.mcabee.org/lists/snort-users/Jun-01/msg00504.html http://www.robertgraham.com/pubs/sniffing-faq.html - 3.6 How can I create a receive-only Ethernet adapter? You use 2 cards, one in 'read-only' promiscous mode sniffing the wire, the other connected to the management network (& severly restricted) to communicate with the sensor. Regards JT --- Rory <[EMAIL PROTECTED]> wrote: > I'm assuming here by the information you've given so if > i'm wrong please > correct me. You want to make a cable that allows the > traffic to go in one > direction. the idea being that your snort box does not > send information > just receives it. I don't think you can do this with a > special cable as > ethernet need to be able to send acks back to let the > sending side know > that it received that data. So you will need to do this > at OS level not > with a special cable. If you were to do what you were > suggesting the > sending box would send only the number of packets in the > TCP window and > that would be it (it mayt resend them but in the end it > will just be a > small set of information ). you will need to do this with > chain rules. > > If my assumptions were totally wrong sorry. > > cheers, > Rory > > On Tue, 11 Feb 2003, Naman Latif wrote: > > > Hi, > > Can anyone tell me how to make a Read-Only Ethernet > Cable to be used > > with Snort\Sniffer > > > > IS this correct > > > > LAN Snort\Switch > > 1 1 > > 2 2 > > 3----------3 > > 4 > > 5 > > 6----------6 > > 7 > > 8 > > > > Then on both sides, connect 1&2 to eachother ? > > > > \\ Naman > > > __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
