RE: Waste, Fraud, Abuse

From: David Losen (dlosenat_private)
Date: Thu Jul 24 2003 - 11:52:17 PDT


     For the last year I've avoided any solicitation of our company's product
    out of respect for the information shared in this list. BUT, this WFA thread
    screams for it.  If you feel inclined, take a look at www.sgtlabs.com.  It's
    an enterprise monitoring product that tracks WFA and more in a simplistic
    manner.  The information
    [Date,Time,Username,Computername,Application{and/or}Website visited] is
    collected in a secure appliance that can provide evidence admissible in
    court.
    It's targeted to the SMB market but scalable to larger organizations.
    I think it's a good solution, but hey, I'm just an engineer.
    
    Dave Losen
    Sergeant Laboratories, Inc.
    4329 Mormon Coulee Road
    LaCrosse, WI 54601
    608 788 9143
    dlosenat_private
    
    
    -----Original Message-----
    From: dr john halewood [mailto:johnat_private]
    Sent: Wednesday, July 23, 2003 11:34 AM
    To: forensicsat_private
    Subject: Re: Waste, Fraud, Abuse
    
    
    On Tuesday 22 Jul 2003 9:57 pm, Curt Purdy wrote:
    >The problem comes from someone clueful enough to wipe cookies/history and
    >not keep incriminating files.  The best answer is a proxy server that
    >logs all access and an email server that keeps a record of all mail.
    
     Whilst logs from mail and proxy servers are useful in isolating potential
    culprits (either in WFA cases or others, such as illicit viewing of
    pornography), and may possibly count as suitable evidence in internal
    disciplinary procedures, it generally isn't enough to satisfy courts, if
    things are likely to reach that level.
     I've been involved in a number of cases where the powers that be have said
    that server logs were not sufficient (too easily forged, although if you run
    them straight to a printer or burn to CD-R etc you might be better off), and
    even that evidence found on a hard drive can be questioned (can you prove
    your suspect was using the machine at the time?). However a combination of a
    network sniffer and a few shell scripts to monitor server logs and page
    appropriate people have led to the suspects being caught at the machine,
    which (combined with extra evidence such as log files), is usually enough to
    prove the offence conclusively.
    
    cheers
    john
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
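The "shell scripts to monitor server logs and page appropriate people" approach John describes above, as an added example that is not code from this posting or from any product mentioned in the thread. It assumes proxy logs in Squid's native access.log format (constructed sample lines below), a hypothetical hostname watchlist, and a placeholder ALERT_CMD that in production would be replaced by whatever reaches the duty admin's pager or mailbox; here it defaults to cat so the script runs offline.

```shell
#!/bin/sh
# Added example: watch a proxy access log for requests to watchlisted hosts
# and emit one alert record per hit, so someone can be paged to catch the
# user at the machine while the session is still live.

# Constructed sample lines in Squid native format:
# epoch.ms elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG='1058999000.123    230 10.0.0.15 TCP_MISS/200 5120 GET http://www.example.com/index.html jsmith DIRECT/192.0.2.10 text/html
1058999010.456     12 10.0.0.15 TCP_MISS/200 8000 GET http://casino.example.net/play bsmith DIRECT/192.0.2.20 text/html
1058999020.789    100 10.0.0.27 TCP_HIT/200 1024 GET http://intranet.example.com/ jdoe NONE/- text/html
1058999030.001     45 10.0.0.27 TCP_MISS/200 2048 GET http://jobsearch.example.org/listings jdoe DIRECT/192.0.2.30 text/html'

# Constructed (hypothetical) watchlist: one hostname per line, '#' comments.
WATCHLIST='# hosts whose use should page the duty admin
casino.example.net
jobsearch.example.org'

# Placeholder for the paging mechanism (assumption, not from the posting).
# In production this would be something like: mail -s "proxy alert" pager@...
ALERT_CMD="${ALERT_CMD:-cat}"

# scan_log: read Squid-format log lines on stdin, print one tab-separated
# alert line (epoch seconds, client IP, username, URL) per watchlisted host.
scan_log() {
    awk -v watch="$1" '
    BEGIN {
        # Build the set of watched hosts, dropping comments and blanks.
        n = split(watch, lines, "\n")
        for (i = 1; i <= n; i++) {
            h = lines[i]
            sub(/#.*/, "", h)
            gsub(/[ \t]/, "", h)
            if (h != "") hosts[h] = 1
        }
    }
    {
        url = $7
        host = url
        sub(/^[a-z]+:\/\//, "", host)   # strip scheme
        sub(/[\/:].*/, "", host)        # strip path and port
        if (host in hosts)
            printf "%d\t%s\t%s\t%s\n", int($1), $3, $8, url
    }'
}

# count_hits: number of alert lines scan_log produced for the given log text.
count_hits() {
    printf '%s\n' "$1" | scan_log "$2" | awk 'END { print NR }'
}

# page_on_hits: feed each alert line to ALERT_CMD (the paging hook).
page_on_hits() {
    printf '%s\n' "$1" | scan_log "$2" | while IFS= read -r line; do
        printf 'ALERT %s\n' "$line" | $ALERT_CMD
    done
}

# Run the demo only when asked, so sourcing the file has no side effects.
if [ "${RUN_DEMO:-0}" = "1" ]; then
    page_on_hits "$SAMPLE_LOG" "$WATCHLIST"
fi
```

Run it with `RUN_DEMO=1 sh watch.sh` (or `tail -f` the real access.log into scan_log) to see the two alert lines; the alert record keeps the timestamp, client address and proxy username together, which is exactly the correlation needed to send someone to the right desk while the evidence on the machine is still fresh.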



    This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 12:36:36 PDT