Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Forensic tools for personal use


  • Please log in to reply
7 replies to this topic

#1 jjones312

jjones312

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 16 October 2014 - 11:13 AM

I have a general question regarding security software that may provide some forensic capabilities. 

 

A friend of mine recently discovered there was key logging software installed on his computer.  From the explanation, it sounded like it wasn't from an external threat but from his wife trying to monitor him and his activities, i.e. what sites he's visiting, emails sending, etc..

 

He had asked me if there was options out there for him to possible use to determine when the software was installed and by who.  From my understanding, the who could be difficult since I don't believe separate accounts were used to log on to the computer.  I think a tools like FTK could be use but a bit of $$$ for personal use.

 

Anyone have any thoughts suggestions?  Probably more questions  to get a better response?



BC AdBot (Login to Remove)

 


#2 jjones312

jjones312
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 16 October 2014 - 03:07 PM

Think I found a tool

 

http://digital-forensics.sans.org/community/downloads



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:41 AM

Posted 16 October 2014 - 08:56 PM


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 jjones312

jjones312
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 17 October 2014 - 12:21 AM

Thanks..



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:41 AM

Posted 17 October 2014 - 04:44 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 19 October 2014 - 05:02 AM

My UserAssist tool is a forensic tool that allow you to see what programs were started by a user.

 

http://blog.didierstevens.com/programs/userassist/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 jjones312

jjones312
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 19 October 2014 - 10:12 AM

My UserAssist tool is a forensic tool that allow you to see what programs were started by a user.

 

http://blog.didierstevens.com/programs/userassist/

Thanks I'll check it out



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 AM

Posted 19 October 2014 - 02:28 PM

You're welcome.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users