Penetration Testing mailing list archives

RE: digital surveillance techniques for forensics/penetration

From: "Rob Shein" <shoten () starpower net>
Date: Fri, 23 Jan 2004 09:30:02 -0500

There are several tools, and the main question is: how pretty do you want
the tool to be?  There are myriad command-line tools for capturing various
types of communication, from IM to email to HTTP, in reader-usable form
(that is, not getting things like TCP sequence numbers or individual data
about packets, but instead showing you the content itself, in human-friendly
format).  The problem is, these tools stand alone, and have no real
management frontend; you get all the stuff, mixed together.  They work well
for their purpose though.  At the other end of the spectrum is, if it exists
anymore, SilentRunner, by Raytheon.  This is incredibly sophisticated, and
can track and capture all sorts of data, but it's crazy expensive, probably
does WAY more than what you're looking for, and tends to fall over like a
toothpick placed on end if subjected to much traffic, as many people have
noted.  Also, you mention forensics and pen-testing as applications; I think
the nature of your needs would differ greatly between those two roles.  The
command-line stuff is excellent for that, since you can always winnow the
wheat from the chaff of your capture later, while in a forensics role, you'd
end up taking too long to find the needle in the haystack while the incident
in question continues.  Which need is it you're looking to fulfill
primarily?

-----Original Message-----
From: Kerri Sharp [mailto:kerri () dancetonight com] 
Sent: Thursday, January 22, 2004 7:39 PM
To: forensics () securityfocus com; pen-test () securityfocus com
Subject: digital surveillance techniques for forensics/penetration

Hi List

Anyone know of the tool which reconstructs captured data?? 
For example intercepted email with attachments or ftp data.

I saw a flash demo sometime ago at www.sainstitute.org about 
digital surveillance techniques which they cover in 
DefensiveForensics and DefensiveHacking. This demo has since been 
removed :-( any ideas anyone?

Thx
Kerri

--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

digital surveillance techniques for forensics/penetration Kerri Sharp (Jan 22)
- Re: digital surveillance techniques for forensics/penetration sil (Jan 23)
  - Re: HailStorm - was digital surveillance techniques for forensics/penetration DaemonLabs.com Support (MLM) (Jan 29)
- RE: digital surveillance techniques for forensics/penetration Rob Shein (Jan 23)
- Re: digital surveillance techniques for forensics/penetration Byron Sonne (Jan 23)
  - RE: digital surveillance techniques for forensics/penetration Jerry Shenk (Jan 23)
- Re: digital surveillance techniques for forensics/penetration Bill Weiss (Jan 23)
- Re: digital surveillance techniques for forensics/penetration Eoghan Casey (Jan 23)
- Re: digital surveillance techniques for forensics/penetration lists-mptruem-f25-com (Jan 23)
- Re: digital surveillance techniques for forensics/penetration Chris Reining (Jan 25)
- RE: digital surveillance techniques for forensics/penetration Jason Jaszewski (Jan 27)
- <Possible follow-ups>
- RE: digital surveillance techniques for forensics/penetration ADM SMS (Jan 27)
- RE: digital surveillance techniques for forensics/penetration Franklin Sheila H DLVA (Jan 28)
  - Re: digital surveillance techniques for forensics/penetration Nexus (Jan 29)

(Thread continues...)