Re: help with forensics on a desktop computer

["Anthony J. Cogan" <anthony.cogan () thinkunix com>]

Checkout SpecterCNE at http://www.eblaster.com/CNE.html

Undisclosed wrote:

> [reply address not given due to client's instance on confidentiality]
>
> Ok heres the skinny:
> an XP box (home edition) the client feels that it has been compromised from
> remote.
> The evidence for this they have gathered from Norton Tools (I am unfamilar
> with any
> logging feature though I do not use Norton Tools). I disabled remote desktop
> support
> in services and they called me and said again there is evidence of access
> from remote.
> Now, the location of the computer in their house is in a small secured room
> (access
> doesnt happen  from anyone except the client from there [that they know
> of!]. Yes others
> live in the house.
>
> Question is there any effective free or inexpensive (under $100) that
> monitors access
> both local and from remote. Something that can be installed via
> administrative account
> and not detected by anyone else using the computer? Or tell me if I am
> dreaming but can be
> run from a floppy or a CDROM rather than installed? If I am on the right
> track maybe
> something that puts a log on the A: drive.
>
> Also, Is there any software which anyone might have put on it to compromise
> it from remote?
> I am aware of PCAnywhere and remote assistance (now disabled).
>
> Treat me like I'm six years old. All comments and answers appreciated.
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.792 / Virus Database: 536 - Release Date: 11/9/04
>