Re: digital surveillance techniques for forensics/penetration

From: Eoghan Casey (eco@corpus-delicti.com)
Date: Fri Jan 23 2004 - 09:12:44 EST


Kerri,

On the open source side, you can use Tcpflow
(http://www.circlemud.org/~jelson/software/tcpflow/) or Ethereal
(www.ethereal.com). Two solid commercial tools are NetDetector
(www.niksun.com) and NetIntercept (www.sandstorm.net).

I wrote a paper comparing several open source and commercial tools for
this purpose - it will be published next month in the first issue of
Digital Investigation. You can request a free copy of the first issue at
http://www.compseconline.com/digitalinvestigation/.

Eoghan Casey

Kerri Sharp wrote:

>Hi List
>
>Anyone know of the tool which reconstructs captured data? For example,
>intercepted email with attachments or FTP data.
>
>I saw a flash demo some time ago at www.sainstitute.org about digital
>surveillance techniques which they cover in DefensiveForensics and
>DefensiveHacking. This demo has since been removed :-( Any ideas, anyone?
>
>Thx
>Kerri