Working for a counter surveillance company, could use some ideas

DownRightTired
Yesterday I started working part time with an ex-mob muscle man who has gone legit and started a counter surveillance / P.I. company (pretty fun stuff!)

I was hoping you guys could give me some ideas on techniques to use, as I'll be doing anything involved with computers.

One thing they would like to do is copy over a client's hard drive so it can be analyzed in depth later. What would be the easiest/quickest way to do this?

I considered ghosting but then I run into the problem of restoring it on a different computer.

The objective would be to have access to all the files in order to analyze them. Would it be a better idea to buy a HD duplicator and then use Linux to access the files?

I was also hoping for some recommendations on software that could be easily run from a jump drive to search for any kind of key loggers or spyware that may be running.

I know how to do all these things but was hoping the Republic might have some better or more efficient ideas. :)
    OldER Mycroft

    "Meat-Axe George" ??

    Your approach is 'softly softly'.

    What does he do ?

    cmiller5400

    This is going to require some specialty tools. It is probably going to be in your best interest to read up on forensics and chain of evidence. You may even want to speak with an attorney to find out what the laws are in your state. If you find illegal content, you must report it...

    Basically you want to create an exact bit for bit copy of the original hdd then lock the original up. This "master copy" would be the copy from which you would make all working copies from.

    Disclaimer: I don't know a lot about this subject. Only that I would leave it to professionals.
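    An added example of the "master copy, then working copies" workflow described above (this is not code from the thread; device paths are placeholders, and a hardware write blocker between the client's drive and the examiner's machine is assumed):

```shell
#!/bin/sh
# Added example: acquire a bit-for-bit master image, record its hash, and work
# only on verified copies. Assumptions: the suspect drive is attached through a
# hardware write blocker and appears as $1 (e.g. /dev/sdb, a placeholder);
# images go to the examiner's own storage.

hash_of() {
    # Print only the SHA-256 digest; sha256sum on Linux, shasum elsewhere.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

acquire_image() {
    # $1 = source device (or file), $2 = master image path.
    # bs=512 keeps conv=noerror,sync to its purpose (zero-fill unreadable
    # sectors and keep going); a larger bs would also zero-pad the final
    # partial block of the device and change the image hash.
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(hash_of "$1")
    img_hash=$(hash_of "$2")
    # Store the acquisition hash beside the image for the chain of custody.
    printf '%s  %s\n' "$img_hash" "$2" > "$2.sha256"
    # Fails if the image does not match the source sector for sector.
    [ "$src_hash" = "$img_hash" ]
}

verify_image() {
    # Re-hash an image and compare with the hash recorded at acquisition.
    # Returns 0 when unchanged, 1 when the image differs from its record.
    recorded=$(cut -d ' ' -f 1 "$1.sha256") || return 1
    [ "$(hash_of "$1")" = "$recorded" ]
}

make_working_copy() {
    # $1 = master image, $2 = working copy. Analysis happens on the copy;
    # the master is verified first and never written to.
    verify_image "$1" || return 1
    cp "$1" "$2" || return 1
    printf '%s  %s\n' "$(hash_of "$2")" "$2" > "$2.sha256"
}

# To browse the files on Linux, attach the working copy read-only, e.g.:
#   losetup -r -f -P --show /evidence/work.dd   # -P exposes partitions
#   mount -o ro,noexec /dev/loop0p1 /mnt/evidence
# (losetup/mount need root; /evidence and /mnt/evidence are placeholders)
```

    Re-running verify_image on the master before each new working copy is what lets you show later that the copy you analyzed matches what was acquired.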

    wilfred.baitx

    I strongly suggest you consider virtual machines: create a farm, preferably an ESX farm, and virtualize the entire system. That will preserve all the system information as is, including the MAC address and keys if ever needed.

    You will have a complete farm of clients you can review at will.

    robo_dev

    There are lots of good free LINUX forensics tools such as dig, autopsy, etc.

    Using commercial tools such as EnCase looks a whole lot better in court, and EnCase does some pretty amazing stuff (you get what you pay for).

    You cannot easily detect the really good keyloggers or spyware. What you really have to do is use a protocol analyzer and observe the data stream from the PC.

    The best keyloggers are hardware-based, so that would be the first thing to look for.

    DownRightTired

    I'll look into them.
