Full Disclosure mailing list archives
RE: Break-in discovery and forensics tools
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 23 Apr 2003 14:23:36 -0400
Log files are used fairly often nowadays in both criminal investigations and trials. Here are some examples from the past few years:

E-Mail Trail To Pearl Suspects
http://www.cbsnews.com/stories/2002/05/08/world/main508294.shtml

Philippine ISP cooperating with FBI in virus probe
http://news.com.com/2100-1001-240089.html

Tracking Melissa's alter egos
http://zdnet.com.com/2100-11-514231.html

Arrest made in Bloomberg story hoax
http://news.com.com/2100-1023-224500.html?legacy=cnet&tag=st.ne.1002.srchres.ni

Emulex hoax suspect bond set at $100,000
http://news.com.com/2100-1033-245239.html

A person can't be convicted of a crime just because of log files, but they certainly can be used in a trial to tell part of the story of a crime.

Richard

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Hotmail
Sent: Wednesday, April 23, 2003 12:19 PM
To: roman.kunz () juliusbaer com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Break-in discovery and forensics tools

I realize the importance of after-incident forensics... What I don't understand is logs used in a court for prosecution. Logs are inherently not preservable or physical evidence; they are tamperable from the time the external data hits a MAC. If that were the case, basically I could take my logs and edit any damn originating IP I choose, send those logs to law enforcement, and have an innocent person convicted. Logs are nice... but IMHO defeatable in court.

wood

----- Original Message -----
From: <roman.kunz () juliusbaer com>
To: <steve.wray () paradise net nz>; <full-disclosure () lists netsys com>
Sent: Wednesday, April 23, 2003 2:47 AM
Subject: RE: [Full-disclosure] Break-in discovery and forensics tools
Hi Steve,

steve wrote:
> You mean for every OS that runs on a PC, right? Like BeOS for example?
> How about OpenBSD? SCO Unixware? Solaris (PC version)?

BeOS I dunno. But the Unixes shouldn't be that hard. Simply replacing the encrypted pass in the /etc/shadow file is enough. You can create your own encrypted passwds with:

perl -e 'print substr(crypt("<your pass>", "<salt>"), 0) . "\n"'

Just replace it in the shadow file and you can login with <your pass>.

cheers
--r

*****Disclaimer***** This message is for the addressee only and may contain confidential or privileged information. You must delete and not use it if you are not the intended recipient. It may not be secure or error-free. All e-mail communications to and from the Julius Baer Group may be monitored. Processing of incoming e-mails cannot be guaranteed. Any views expressed in this message are those of the individual sender. This message is for information purposes only. All liability of the Julius Baer Group and its entities for any damages resulting from e-mail use is excluded. US persons are kindly requested to read the important legal information presented after clicking here: http://www.juliusbaer.com/maildisclaimer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
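The thread's disagreement is whether a log line can be trusted after the fact, given that whoever holds the file can rewrite an originating IP at will. The usual defender's answer is to make the log tamper-evident rather than tamper-proof: a collector that does not live on the logging host keys each line to the tag of the line before it, so an edit, insertion or deletion made later breaks the chain from that point on. The following is an added example written for this archive page, not code from any message in the thread; the log lines, the key and the collector described in the comments are all constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample log lines for the demonstration (not taken from the thread).
SAMPLE_LOG = [
    "Apr 23 12:19:01 gw sshd[4121]: Failed password for root from 192.0.2.77 port 3391 ssh2",
    "Apr 23 12:19:04 gw sshd[4121]: Failed password for root from 192.0.2.77 port 3391 ssh2",
    "Apr 23 12:19:09 gw sshd[4125]: Accepted password for root from 192.0.2.77 port 3402 ssh2",
    "Apr 23 12:20:41 gw su[4190]: pam_unix(su:session): session opened for user root",
]

# Hypothetical key held only by the remote log collector, never by the
# host that produces the lines; a root compromise of the host must not
# expose it, or the attacker can simply re-chain the edited file.
COLLECTOR_KEY = b"example-key-held-off-host"

# Fixed starting tag so the first line is bound to a known value.
SEED = b"\x00" * hashlib.sha256().digest_size


def chain_log(lines, key, seed=SEED):
    """Return [(line, tag_hex)] where each tag is HMAC(key, prev_tag || line)."""
    prev = seed
    entries = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        entries.append((line, tag.hex()))
        prev = tag
    return entries


def verify_chain(entries, key, seed=SEED):
    """Return -1 if every tag checks out, else the index of the first bad entry.

    Each tag covers the previous tag as well as the line, so editing,
    inserting or deleting a line invalidates that entry and every later one.
    """
    prev = seed
    for idx, (line, tag_hex) in enumerate(entries):
        expected = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return idx
        prev = expected
    return -1


def edit_source_ip(entries, index, old_ip, new_ip):
    """Simulate the after-the-fact edit the thread worries about: rewrite the
    IP in one stored line while leaving the stored tags untouched."""
    edited = list(entries)
    line, tag_hex = edited[index]
    edited[index] = (line.replace(old_ip, new_ip), tag_hex)
    return edited


def demo():
    """Chain the sample, then verify the clean, edited and truncated copies."""
    entries = chain_log(SAMPLE_LOG, COLLECTOR_KEY)
    clean = verify_chain(entries, COLLECTOR_KEY)               # -1: intact
    tampered = edit_source_ip(entries, 2, "192.0.2.77", "198.51.100.9")
    edited = verify_chain(tampered, COLLECTOR_KEY)             # 2: edited line
    missing = entries[:1] + entries[2:]                        # drop line 1
    deleted = verify_chain(missing, COLLECTOR_KEY)             # 1: gap detected
    return clean, edited, deleted


if __name__ == "__main__":
    print(demo())  # (-1, 2, 1)
```

Two limits are worth keeping in mind when reading this alongside the thread. The chain only proves that nothing changed after the collector tagged a line; it says nothing about whether the line was true when it was written, and an attacker who already has root on the producing host can feed the collector whatever lines they like before tagging happens. That is the sense in which the earlier message is right that logs are only part of the story: integrity tagging answers "was this altered later?", while corroborating records from other systems are what answer "did this happen?".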