Security Basics mailing list archives

Re: Network Compromised


From: "Mike Hale" <eyeronic.design () gmail com>
Date: Thu, 31 Jul 2008 08:24:22 -0700

If you're going to attempt to present it as evidence, you don't do it
yourself as it sounds like you have no experience in this arena.  You
need to contact someone local who's done these things before.  As
Craig Wright lives in Australia, he may have some recommendations for
you if he's not too busy at the moment.

Unfortunately, it will be expensive; competent security services don't
come cheap.

On Wed, Jul 30, 2008 at 10:22 PM, Evan D. Blackmore
<evan.blackmore () advproj com au> wrote:
Hi all

Recently the network at my place of employment was compromised; the only
evidence I could easily recover was the attacker's DHCP lease on our
network. This same attacker also got onto my network at home and onto my
personal machine (teach me for not keeping my firewall up to date). I
took the easy option at home and just reinstalled the operating system.
I can't do that at work, however... the thing is I'm not sure if he
did anything while on my work network. I thought that he may have gotten
my logon when he compromised my machine (I use a VPN from home) but the
date of the DHCP lease indicates that he was on my employer's network
first.

I rang the cops (computer crime) and they told me that I would have to
investigate it myself so I'm posting to get some advice on how I might
go about this or if it is even necessary. I'm familiar with forensics on
Linux boxes as I did it at uni but we run a Windows based network here.


Regards,

Evan Blackmore
Advanced Project Solutions

Office - +61 8 9441 5700
Direct - +61 8 9441 5773





-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

