RE: WFA and network forensics

From: Robert Buckley (rbuckleyat_private)
Date: Wed Jul 30 2003 - 22:41:00 PDT


    JJ,
    Just a thought, you might want to download Websense from websense.com for a
    demo. (30 days?). I know, it's commercial, but may get you what you want, at
    least for this situation. It can certainly monitor an individual's activity
    with some degree of accuracy, and present an acceptable report.
    
    Vericept.com has some demo products as well, I believe View is one of
    interest to you.
    
    * Doesn't matter who maintains a database of categories, sites change
    categories at whim. This is a topic in itself...
    
    -----Original Message-----
    From: kris carlier
    To: JJ
    Cc: forensicsat_private
    Sent: 7/29/2003 2:38 PM
    Subject: Re: WFA and network forensics
    
    >
    > I'm not sure if this is the right place for this, but I'm giving it a
    > shot anyway.
    >
    > I've got web traffic logs for our users.  In a WFA case, I need to be
    > able to pull an individual employee's activity out of our logs and
    > categorize the sites visited by said soon-to-be-ex-employee by site
    > type.  For instance:
    >
    > safe-mail.net  = Web-based email
    > google.com     = Search site
    > foxnews.com    = News
    > weather.com    = Weather
    > whitehouse.com = Adult entertainment
    >
    > I know a lot of the filtering suites out there do this kind of
    > categorization, but I just need a good, often-updated category list by
    > domain name so that I can grab the connection request heading to an IP
    > and do a rough categorization based on what that IP resolves to.
    >
    > I also want to roll this category list into our post-WFA forensic
    > analysis procedures so I can give a categorized report along with the
    > actual system and evidence images.
    >
    > Any ideas?
    >
    > I figure this roughly fits into the kind of work some of us do, a.k.a.
    > finding out what people do when they use our computers in ways that
    > aren't intended.
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
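The per-user categorization JJ describes, as an added example that is not code from either poster: it filters constructed proxy log lines by user, maps a bare IP through a constructed stand-in for reverse DNS, and matches hostnames against a category list by walking the labels right to left so subdomains inherit the registrable domain's category. The log format, the category list and the REVERSE_DNS table are all assumptions; unknown hosts are reported as "Uncategorized" rather than dropped, since that gap is exactly what an analyst needs to see.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical category list keyed by registrable domain (assumed format).
CATEGORIES = {
    "safe-mail.net": "Web-based email",
    "google.com": "Search site",
    "foxnews.com": "News",
    "weather.com": "Weather",
}
# Constructed stand-in for reverse DNS: IP seen in the log -> hostname.
# In a real review this comes from a resolver or the proxy's own records.
REVERSE_DNS = {"198.51.100.7": "www.weather.com"}

# Constructed proxy log lines (Squid-like: timestamp client-ip user method url).
LOG_LINES = """\
1059491880 10.0.0.5 jdoe GET http://mail.safe-mail.net/inbox
1059491901 10.0.0.5 jdoe GET http://www.google.com/search?q=resume
1059491950 10.0.0.9 asmith GET http://www.foxnews.com/
1059492010 10.0.0.5 jdoe GET http://198.51.100.7/forecast
1059492033 10.0.0.5 jdoe GET http://example.org/
"""
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def host_of(url):
    """Return the hostname of a URL, mapping a bare IP through REVERSE_DNS."""
    host = urlsplit(url).hostname or ""
    return REVERSE_DNS.get(host, host)

def categorize(host):
    """Walk labels right-to-left so mail.safe-mail.net matches safe-mail.net."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return "Uncategorized"

def user_report(log_text, user):
    """Count one user's requests by site category; unknown hosts stay visible."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != user:
            continue
        counts[categorize(host_of(m.group(5)))] += 1
    return dict(counts)
```

Because categories change over time (Buckley's point above), record which version of the category list produced the report alongside the evidence images.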



    This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 10:05:17 PDT