Any network admins
Originally Posted by synth19
I have a quick few questions regarding internet access, wifi, etc. lmk... questions will be via PM. 

Pretty much!
Actually, I am a computer forensics expert, and so I get paid to look through OTHER people's porn, among all the other data on their computers, looking for Trade secret theft, violations of employment agreements, downloading porn at work, destroying corporate data, intrusions, etc... Then I go to court and tell a judge all about what I found.
If you Google "Hawaiian Air Mesa Air", you will find the type of matter I regularly worked on (and worked that one too).
^^^
Nice.
I taught Forensic science for a couple years and was working on my master's in it. I think your side of it is a lot more interesting than what I would have been doing.
I have both of the top industry certs (CFCE, EnCE) and also have hundreds of hours of courtroom time due to being a police detective for 10 years, so pay is 6 figures easy. The work is always interesting, sometimes tedious, but fun and challenging every day.
If the mods don't mind, here is a link to my company:
www.LightstoneSolutions.com
Originally Posted by stogie1020
Pretty much!
Actually, I am a computer forensics expert, and so I get paid to look through OTHER people's porn, among all the other data on their computers, looking for Trade secret theft, violations of employment agreements, downloading porn at work, destroying corporate data, intrusions, etc... Then I go to court and tell a judge all about what I found.
If you Google "Hawaiian Air Mesa Air", you will find the type of matter I regularly worked on (and worked that one too).
That was the dumbest defense I ever heard of!

"He (Murnane) was cruising on adult Web sites," Blecher said, adding that Murnane was simply trying to delete the porn sites on three computers when the Hawaiian documents were deleted.
Hey Stogie,
Just saw this at Engadget, and thought you might find this interesting...
http://www.engadget.com/2007/11/06/w...shutting-them/
Originally Posted by Kikaida
Hey Stogie,
Just saw this at Engadget, and thought you might find this interesting...
http://www.engadget.com/2007/11/06/w...shutting-them/
Interesting.... They make some neat stuff. Not always the most reliable, but interesting.
Truthfully, the only data you lose by powering down is volatile RAM, and we can capture that as a data dump prior to powering down the system. Unless there are known anti-forensics scripts set to run at shutdown, or a sys defrag/ pagefile wipe, etc... We usually just power down. If there are suspicions, RAM dump (if necessary) and pull the plug!
Servers, of course, are a whole different ball game, usually logical live acquisitions with HELIX or some other tool. RAIDs are even more fun!
Thanks for the link, I will have to check it out.
Originally Posted by RaviNJCLs
^^^
Nice.
I taught Forensic science for a couple years and was working on my master's in it. I think your side of it is a lot more interesting than what I would have been doing.
RaviNJCLs, I meant to ask you, what are you doing now for work, with a Forensics degree?
Originally Posted by stogie1020
I have both of the top industry certs (CFCE, EnCE) and also have hundreds of hours of courtroom time due to being a police detective for 10 years, so pay is 6 figures easy. The work is always interesting, sometimes tedious, but fun and challenging every day.
If the mods don't mind, here is a link to my company:
www.LightstoneSolutions.com
I'm curious. After 10 years of police work, how did you get into the CF field? Were you a detective of computer crimes or something? In a nutshell, how did you start? It looks like really cool stuff.
No joke, standing in the right place at the right time.
I had an HP Pavilion POS with Win95 and a wicked cool AOL dial-up account and no computer skills.
I was working on the Violent Crimes Against Children squad, and the FBI was looking to start a franchise of their Innocent Images online child exploitation task force. My boss was looking around for someone to send and I happened to walk past. Seems like it was the only time volunteering for something actually paid off.
I worked online predator cases for a while (yeah, I was a 13-year-old girl), and then got tired of waiting for the FBI CF examiners to get the evidence off my bad guys' computers, so I convinced my department to send me to all kinds of trainings. I had a VERY supportive sergeant, and some grant money to spend. I set up the Computer Crimes unit at the agency, pulled them out of the 19th century (we were still using Emacs as a word processor and Pine...) and then pulled the plug after ten years for a variety of reasons.
Most rewarding job I think I will ever have, and a great experience all around, but there are a lot of bells I wish I could un-ring with respect to what I had to look at on people's computers and hear from victims....
Originally Posted by stogie1020
RaviNJCLs, I meant to ask you, what are you doing now for work, with a Forensics degree?
I'm out of the field now. I am a Product Development Engineer for a label company. Basically I help design the technical layout of consumer product labels.
What do you gurus think of Absolute Software?
http://www.absolute.com/
My father invested in them a while back thinking it was a bright idea. Turns out he was right.
Originally Posted by Ken1997TL
What do you gurus think of Absolute Software?
http://www.absolute.com/
My father invested in them a while back thinking it was a bright idea. Turns out he was right.
Originally Posted by Kikaida
Do you mean he invested money in the company, or do you mean he bought the software and his computer was stolen and recovered?

I should have been more clear
FYI- -OP's questions were answered (I think) through PM.
General nature of questions regarded identifying individual user traffic in a network environment when user is connected via Cat5 or WiFi, and any potential differences for user identification between the two with respect to port 80 activity on a possibly monitored/filtered network.
Personal, encrypted VPN to computer outside network was recommended (Hamachi).
Originally Posted by stogie1020
Personal, encrypted VPN to computer outside network was recommended (Hamachi).
For example:
http://www.iss.net/security_center/r...chi_Client.htm
Originally Posted by zeroday
^^What do you think of Encase?
Staring at three different screens of it as I type. EnCase and FTK (AccessData) along with a few others are top tier tools for Windows-based forensics.
Many companies USE VPN clients, so their IDS is set to allow, and since some admins are lazy....er BUSY, they allow ALL VPN traffic, not just their particular client.
The other options included using something like iPig to secure the wireless transmission to the AP, then VPN out if wireless was necessary. I think iPig also does some traffic encryption, but it's not free anymore.
Originally Posted by stogie1020
Staring at three different screens of it as I type. EnCase and FTK (AccessData) along with a few others are top tier tools for Windows-based forensics.
Many companies USE VPN clients, so their IDS is set to allow, and since some admins are lazy....er BUSY, they allow ALL VPN traffic, not just their particular client.
The other options included using something like iPig to secure the wireless transmission to the AP, then VPN out if wireless was necessary. I think iPig also does some traffic encryption, but it's not free anymore.
If he did this where I work, we would see it.
Anyway, don't assume Admins are lazy and hope for the best..that's how you get busted...seen it too many times.
Originally Posted by Whiskers
^^I'm sure people are VPN'ing to their home machine to get files and crap....It's not a good thing....
In my experience, the percentage of companies that truly enforce solid security protocols would be somewhere around the 15-20% range or less.
Think of ALL the businesses with SOME kind of network, and the odds are against having good security policies. Even more slim in margins, are companies with good security policies that the IT staff has time to monitor and enforce, instead of spending all day recovering accidentally deleted emails, and making desktop shortcuts for people so they can get to their favorite network share more easily.
I know what best practices are (generally), but the reality is that the VAST majority of smaller and medium sized businesses just don't have the resources or talent to monitor and stop outbound VPN connections, file sharing, proper web content filtering (web mail), etc...