can a remote site-person see we are running etherape?
Hi all, while a Newbe here I hope my question and thus answers will assist others as well.
We have been tasked to forensically monitor and collect all traffic on a small (1 to 4 windows based pc’s) critical site that has been ‘compromised from within’, by owners belief a now ex-employee. The ex-employee in question, has good low level programming skills and is highly computer literate and we understand now travels globally due to new current job.
So we wish to use etherape (running either under Tails or 2nd option Karli) on a one of our dedicated laptop connected to their ISP’s provided Broadband router.
NOW the QUESTION is:
When running etherape would it be incognito to anyone on the WWW?
If not, how obvious is it presence on the local network?
What we are trying to find out is “if this other person or maybe person is also say running etherape or similar and has accessed this ‘compromised from within’ site, can they tell etherape is running/logging?”
I would expect that since we know the ex-employee had administrator access to the ISP’s provided Broadband router that they would be able to see the connection of a Linux machine to the network.
While this is not an uncommon event at this site, however to have a Linux laptop on 24/7 may trigger concern in the ex-employee’s mind and they may stop their activities.
Note a review of this Critical Site has been done by an independent Forensic Computer Investigator and recommendations he made have been implemented. So the ‘core system’ on the site is secure and physically disconnected from the network.