Full Disclosure mailing list archives

Re: Break-in discovery and forensics tools


From: "Hotmail" <se_cur_ity () hotmail com>
Date: Wed, 23 Apr 2003 09:18:58 -0700

I realize the importance of after-incident forensics... What I don't
understand is logs used in a court for prosecution. Logs are inherently not
preservable or physical evidence; they are tamperable from the time the
external data hits a MAC. If that were the case, basically I could take my logs
and edit any damn originating IP I choose, send those logs to law
enforcement, and have an innocent person convicted. Logs are nice.. but IMHO
defeatable in court.

wood

----- Original Message -----
From: <roman.kunz () juliusbaer com>
To: <steve.wray () paradise net nz>; <full-disclosure () lists netsys com>
Sent: Wednesday, April 23, 2003 2:47 AM
Subject: RE: [Full-disclosure] Break-in discovery and forensics tools

Hi Steve,

steve wrote:
You mean for every OS that runs on a PC, right? Like BeOS for example?
How about OpenBSD? SCO Unixware? Solaris (PC version)?

BeOS I dunno. But the Unixes shouldn't be that hard. Simply replacing the
encrypted pass in the /etc/shadow file is enough.
You can create your own encrypted passwds with:
perl -e 'print substr(crypt("<your pass>", "<salt>"), 0) . "\n"'
Just replace it in the shadow file and you can log in with <your pass>.


cheers
--r
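One defender-side check for the hash swap Roman describes, as an added example that is not part of this thread: compare a trusted baseline copy of /etc/shadow (the kind a file-integrity tool keeps) against the live file and flag replaced hashes, accounts missing from the baseline, and empty password fields. The shadow contents below are constructed placeholders, not real crypt(3) output.

```python
from typing import Dict, List, Tuple

# Constructed sample data: a trusted baseline copy of /etc/shadow and the
# live file after a hash swap. Hash strings are placeholders, not real hashes.
BASELINE_SHADOW = """root:$6$baseSalt$PLACEHOLDER_ROOT_HASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$aliceSlt$PLACEHOLDER_ALICE_HASH:19000:0:99999:7:::
"""

CURRENT_SHADOW = """root:$6$newSalt1$PLACEHOLDER_SWAPPED_HASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$aliceSlt$PLACEHOLDER_ALICE_HASH:19000:0:99999:7:::
backdoor:$1$xyz$PLACEHOLDER_NEW_HASH:19000:0:99999:7:::
"""


def parse_shadow(text: str) -> Dict[str, List[str]]:
    """Map each login name to its nine colon-separated shadow(5) fields."""
    entries: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        entries[fields[0]] = fields
    return entries


def diff_shadow(baseline: str, current: str) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for every credential change since the baseline."""
    old, new = parse_shadow(baseline), parse_shadow(current)
    findings: List[Tuple[str, str]] = []
    for user, fields in new.items():
        if fields[1] == "":
            findings.append((user, "empty password field"))
        if user not in old:
            findings.append((user, "account not in baseline"))
        elif fields[1] != old[user][1]:
            note = "password hash replaced"
            # passwd(1) bumps the last-change day (field 3); a hash that changed
            # while that day stayed put is consistent with a direct file edit.
            if fields[2] == old[user][2]:
                note += ", last-change day unchanged"
            findings.append((user, note))
    for user in old:
        if user not in new:
            findings.append((user, "account removed"))
    return findings
```

On a real system the baseline would be a copy taken before the incident; run `diff_shadow(baseline_text, open("/etc/shadow").read())` as root.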

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html