Security Basics mailing list archives
RE: chat logs
From: "Keller, Tim" <Tim.Keller () stratus com>
Date: Fri, 13 May 2005 15:41:41 -0400
The one thing you've got going for you is all of these protocols are unencrypted. I'm not going to get into the details because this email would get a little long, but this is how I'd do it. I'd take a port on the router and configure it to mirror all the traffic to this port. I'd then take a Linux box plug it into said port, install snort and configure it to trap all AIM/MSN/Yahoo/email/IRC and record all URL's that are accessed. I'm going to keep the discussion purely technical and not go into the privacy part at all. That's a whole other can of worms. -----Original Message----- From: P.C. 'Chris' Garriss [mailto:chris_garriss () unc edu] Sent: Friday, May 13, 2005 10:37 AM To: Steve; Melissa Fischer; security-basics () securityfocus com Subject: Re: chat logs Agreed on that. There are a number of forensic tools that can, to some degree, reconstruct chats, etc., however none that I know of that are effective are either free or easily distributable. The cache for web browsers is fairly easy to clear, so there may be limited information available there, and depending on the browser used, difficult to interpret without forensic tools. History is also pretty easy to clear, and most reasonably savvy users know how to clear history and cache, and in some cases I've seen "erase" both by over writing using from freely available tools. The effective forensic tools are either fairly expensive, available only to sworn law enforcement or both for the most part, and take a trained person to use and interpret the results effectively. As for chat programs, I have seen far more use of MSN Messenger and Yahoo than AOL, but that may be regional, although I know my nieces and nephews in Canada, and all of their friends, use MSN. Good luck, I wish that I had more positive information to offer. Chris Garriss On 12.05.2005 17:17 Steve spoke thusly:
Good luck in your search and my thoughts are with your community that this all turns out fine without incident. Most high school students will use AOL's instant messenger for chat. I did some quick research and did not see much on checking logs for AOL instant messenger but perhaps others on the list can help. See the web browser history log check recommendations here: http://www.perverted-justice.com/guide/?pg=parents http://www.usdoj.gov/criminal/ceos/onlinesafety.html "In addition, the Internet browser (such as Internet Explorer, Netscape, or America Online) that children use to surf the web automatically tracks useful information. Parents can easily review the browser "history" file to see approximately 20 sites that have been most recently visited by that browser. Parents can use this Internet history function by clicking on the small downward shaped arrow in the address box of their Internet browser. Along similar lines, parents can search their computer's Internet "cache" files, which are system resources that store a longer list of recently visited Internet sites. The simplest way for parents to access the cache files is search for the word "cache" using the computer system's search function; the search function is typically found in the start menu in the bottom left hand corner of the computer screen. Parents can gather information using their computer's "cookies" records as well. Cookies are trace files that contain information about Internet users and can provide additional clues for parents about the kinds of sites that their children are visiting. However, parents should recognize that technically skilled children can edit or delete all of these kinds of records." STEVE ----- Original Message ----- From: "Melissa Fischer" <Melissa.Fischer () NorthMemorial com> To: <security-basics () securityfocus com> Sent: Thursday, May 12, 2005 2:52 PM Subject: chat logs Our community, Waconia, Minnesota has recently been the victims of threats against our children and schools. http://www.startribune.com/stories/462/5399090.html The Emergency Response Task Force assigned to our case asked parents to go home and check their kids computers for any chats or emails with information. We are trying to find a document explaining where and what to look at to find any information. We would like to post this on our school main page www.waconia.k12.mn.us for a resource for parents to use on how to find any information. Can you tell me where to find this information? Thank you in advance, Melissa Fischer Database Administrator Data and System Engineering North Memorial Health Care 763/520-1533 melissa.fischer () northmemorial com
Current thread:
- RE: chat logs, (continued)
- RE: chat logs Beauford, Jason (May 13)
- RE: chat logs Andrew Williams (May 13)
- Fwd: Re: chat logs Melissa Fischer (May 13)
- RE: Re: chat logs Stephen Alford (May 16)
- RE: Re: chat logs David (May 17)
- Re: Re: chat logs Greg Stiavetti (May 16)
- RE: Re: chat logs Bob Beck (May 17)
- Re: chat logs - moderator's note Kelly Martin (May 18)
- Re: Re: chat logs Steve (May 17)
- RE: Re: chat logs Stephen Alford (May 16)
- RE: chat logs Nick Kriger (May 13)
- RE: chat logs Keller, Tim (May 13)
- Re: chat logs Zaven (May 16)
- Re: chat logs Times Enemy (May 16)
- Re: chat logs Zaven (May 16)
- RE: chat logs aixroot (May 16)
- RE: Re: chat logs Beauford, Jason (May 17)
- Re: chat logs Dave Aronson (May 18)
- Re: chat logs Alexander Klimov (May 18)
- RE: chat logs Steve Bostedor (May 17)
- Re: chat logs Stian Øvrevåge (May 18)
- RE: Re: chat logs Joshua Berry (May 18)
- RE: Re: chat logs Melissa Fischer (May 18)