Security Basics mailing list archives
RE: Computer forensics to uncover illegal internet use
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 30 Aug 2005 08:37:56 -0700
> Also, at a network level, we know his IP address but yet my technical support department is telling me that they cannot (either because they don't want to or because they are not technically capable of) tell me what internet sites this IP address has accessed in the past.
> Logically, there must be a point in the network (on some piece of hardware) where I can consult log files to track his activities? Or, is there a log file that I can consult that will tell me what sites all my users have accessed and from what IP address?
Uh, no. Ask your city Traffic Department how many times a car has made a trip to a specific store, given its license number. "Logically, there must be a traffic signal that the car will have driven past to get there." But Traffic Departments do not have equipment installed at every traffic signal, logging all of the cars that pass through and where they are going, on the off chance that some later investigator will want to ask this question.

At best, most network groups I've worked in have logged attempts to violate policy by visiting specific *known* bad sites (and other violations). It would be really quite unusual to come in after the fact and be able to get a list of violations that were not known to be such at the time. (By analogy -- a "red light camera" doesn't photograph every car that passes through an intersection, only those who are detected to be doing so when they should not.)

You may turn up something on the machine itself. But if the network team says they don't routinely log everything that crosses the network, I see no good reason not to believe them.

David Gillett