PaulDotCom mailing list archives

Re: Controversial (maybe) question


From: David Kovar <dkovar () gmail com>
Date: Mon, 27 May 2013 11:25:20 -0500

Greetings,

You could probably make a determination without deploying spyware. If you grab the MFT, analysis of it can tell you a 
lot about the user's activity. Get the prefetch files and registry hives. Get the various browser caches. Do 
traditional forensics .....

-David

On May 25, 2013, at 9:26 PM, Dan Baxter <danthemanbaxter () gmail com> wrote:

Okay, yesterday at work, I was asked if I could deploy some spyware to a PC to determine what a particular user is 
doing.  The requestor was one of our corporate attorneys, no less.  

The concern is that this individual is possibly accessing sensitive documents and getting them to a competitor.  I'm 
not at this location, so I don't know the person, or the exact circumstances or requirements, yet.  I have been told 
he's the "unofficial IT guy" for this location, so he may be wary.  

At present, we don't block access to USB drives.  We do block access to cloud-based storage (Dropbox, Copy, Skydrive, 
etc.).  

Ironically, this is the same atty that helped shoot down a DLP project I was working on earlier this year.  I took 
gratification in pissing her off by reminding her that this would be a perfect example of why we need one.  

Anyway, assuming I get signoff from HR and our Ethics department (still questionable), are there any suggestions of 
what I could deploy?  Also, I realize some testing is going to need to be done to make sure it doesn't set off alarms 
on his A/V.  Any other pitfalls I need to be aware of?  

Thanks in advance.


Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?

"A sword never kills anybody; it is a tool in the killers hands."-Lucius Annaeus Seneca, c.4BC-65AD
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
