[olug] OT: Local PC Forensics Experts

Aric aric at omahax.com
Fri May 9 01:26:04 CDT 2014


I should be more inviting and helpful. I am not an expert at anything. In theory you could have been hacked in the past and not really have any practical or easily found evidence. One could provide reasonable doubt towards the integrity of a Windows XP system simply because it has a proven track record of getting compromised often. You can check the log files but there isn't much there by default. Check the integrity of your system files (sfc) and drivers (sigverif). If you think a system was compromised in a specific way, look for those specific things. I'll use Sysinternals' Autoruns to check to see if anything is starting that shouldn't be. If you think it is still compromised, sniff all the packets and look for anomalies. I'll use Snort with Snort and Emerging Threats signatures.


-------- Original message --------
From: Aric Aasgaard <aric at omahax.com> 
Date: 05/08/2014  4:18 PM  (GMT-06:00) 
To: 'Omaha Linux User Group' <olug at olug.org> 
Subject: Re: [olug] OT: Local PC Forensics Experts 
 
T.J. maybe we could team up.
We should have a multi-tiered pay rate depending on who the accused is with
1 being the most costly.

1. US Government
2. Chinese Government
3. Russian Gangsters
4. Script kiddies

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
Jesse Regier
Sent: Thursday, May 08, 2014 4:11 PM
To: Omaha Linux User Group
Subject: Re: [olug] OT: Local PC Forensics Experts

I think it would be deliberate. Intrusion/monitoring situation. 


Jesse Regier


> On May 8, 2014, at 2:46 PM, "T. J. Brumfield" <enderandrew at gmail.com> wrote:
> 
> Hacked in what sense? That they have some form of malware?
> 
> Or hacked like a jealous ex accessed their computer without permission 
> to snoop?
> 
> The former is easy to determine with virus/malware scans, or just 
> checking running processes and looking for anything suspect. The latter 
> is harder to determine, unless the PC was accessed with a Windows 
> login event during hours the owner was at work or something like that.
> 
> 
>> On Thu, May 8, 2014 at 2:31 PM, <jregier at cox.net> wrote:
>> 
>> This is a bit off topic.
>> 
>> I was asked if I know of anyone locally that can "determine if a PC 
>> has been hacked."  I don't have much detail except that it's probably 
>> a Windows machine.  I know I have seen some of you talk about getting 
>> some security certifications from time to time.  Is there anyone here 
>> that would want to take this on?  Do you know of any?  I don't want 
>> to do this myself but I would like to make a referral if possible.
>> 
>> The person asking is a lawyer so take that into account.  Things 
>> could get "legal."  You may need some experience/credentials.  I'm 
>> not sure if this would end up in a court or not.
>> 
>> Thanks
>> 
>> Jesse Regier
>> 
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
> 
> 
> 
> --
> "I'm questioning my education
> Rewind and what does it show?
> Could be, the truth it becomes you
> I'm a seed, wondering why it grows"
> -- Pearl Jam, Education