Penetration Testing mailing list archives

RE: digital surveillance techniques for forensics/penetration


From: Franklin Sheila H DLVA <FranklinSH () NSWC NAVY MIL>
Date: Wed, 28 Jan 2004 12:30:41 -0500

A great product that I found was IRIS from
http://www.eeye.com/html/Products/Iris/index.html  Not too expensive and
able to reconstruct the images pretty nicely.

Sheila H. Franklin
Naval Surface Warfare Center
Code XDC3
17320 Dahlgren Road
Dahlgren, VA 22448
(540)653-8884 
(540)653-6143 (FAX)

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Friday, January 23, 2004 11:31 AM
To: sil; Kerri Sharp
Cc: forensics () securityfocus com; pen-test () securityfocus com
Subject: Re: digital surveillance techniques for forensics/penetration


Hello there, well any old packet sniffer will intercept the data you are
looking for really. Are you asking if it is possible to rebuild the captured
binary transfer of say a jpeg, avi, and the such back to its original form?
If so then there is no such tool to my knowledge which will do that for you.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 23, sil <jesus () resurrected us> wrote:


Many commercial packet sniffers can reconstruct packet dumps, sniffit,
NAI's Sniffer, etc. There was a product out a few years back called
Hailstorm which offered pretty neat features, I used the beta for about a
month testing it, but don't recall who made it, nor have I seen any more
information on it. Iris from eEye also does reconstruction, but haven't
used it in recent months.

If you're looking for some hardware based boxes that can do the job and
then some check out Niksun's NetDetector (http://www.niksun.com/), or
Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just
looking for general information on reconstruction, you could probably
google +"packet sniffer" +reconstruct or any combination of that.

NANOG just had a thread that might have interested you this week: "What's
the best way to wiretap a network?" which would likely give you a ton of
ideas of what those in the networking industry are using/doing. Merit.edu
has the archives somewhere in there (too tired to open a browser sorry.)


Hi List

Anyone know of the tool which reconstructs captured data?? For example
intercepted email with attachments or ftp data.

I saw a flash demo sometime ago at www.sainstitute.org about digital
surveillance techniques which they cover in DefensiveForensics and
DefensiveHacking. This demo has since been
removed :-( any ideas anyone?

Thx
Kerri


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal

J. Oquendo / sil
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net
