Penetration Testing mailing list archives
RE: digital surveillance techniques for forensics/penetration
From: Franklin Sheila H DLVA <FranklinSH () NSWC NAVY MIL>
Date: Wed, 28 Jan 2004 12:30:41 -0500
A great product that I found was IRIS from http://www.eeye.com/html/Products/Iris/index.html
Not too expensive and able to reconstruct the images pretty nicely.

Sheila H. Franklin
Naval Surface Warfare Center
Code XDC3
17320 Dahlgren Road
Dahlgren, VA 22448
(540)653-8884
(540)653-6143 (FAX)

-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Friday, January 23, 2004 11:31 AM
To: sil; Kerri Sharp
Cc: forensics () securityfocus com; pen-test () securityfocus com
Subject: Re: digital surveillance techniques for forensics/penetration

Hello there, well any old packet sniffer will intercept the data you are looking for really. Are you asking if it is possible to rebuild the captured binary transfer of say a jpeg, avi, and the such back to its original form? If so then there is no such tool to my knowledge which will do that for you.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 23, sil <jesus () resurrected us> wrote:

Many commercial packet sniffers can reconstruct packet dumps, sniffit, NAI's Sniffer, etc. There was a product out a few years back called Hailstorm which offered pretty neat features, I used the beta for about a month testing it, but don't recall who made it, nor have I seen any more information on it. Iris from eEye also does reconstruction, but haven't used it in recent months. If you're looking for some hardware based boxes that can do the job and then some check out Niksun's NetDetector (http://www.niksun.com/), or Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just looking for general information on reconstruction, you could probably google +"packet sniffer" +reconstruct or any combination of that.

NANOG just had a thread that might have interested you this week: "What's the best way to wiretap a network?" which would likely give you a ton of ideas of what those in the networking industry are using/doing. Merit.edu has the archives somewhere in there (too tired to open a browser sorry.)

Hi List

Anyone know of the tool which reconstructs captured data?? For example intercepted email with attachments or ftp data. I saw a flash demo some time ago at www.sainstitute.org about digital surveillance techniques which they cover in DefensiveForensics and DefensiveHacking. This demo has since been removed :-( any ideas anyone?

Thx
Kerri

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal
J. Oquendo / sil
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

---------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------

Attachment:
Sheila H Franklin (E-mail).vcf