Asked by mickeyshelley1 at 2024-08-02 08:21:23
Points: 500 | Replies: 7 | Post ID: 828669
Topic: Miscellaneous Security; Digital Forensics
I am looking for software designed to display the history of all traffic on a network computer, including downloads, internet history and viewed files. The environment is a Windows 2003 server with Windows 7 as the local OS. The user of the software will be a network administrator.
Author: mickeyshelley1 replied at 2024-08-03 05:51:50
Very insightful, thank you for that valuable information.
Accepted Solution
Expert: btan replied at 2024-08-03 00:41:26
500 points EXCELLENT
Hard to find an all-in-one tool since there are really a couple of areas to retrieve from to build a "story" line...
- Hard drives: file system, web browsing history, registry hives, Windows shortcut files, firewall logs, restore points, volume shadow copies, prefetch files, email files, or Office documents
- Memory: network connections, processes, loaded DLLs, or loaded drivers
- Network shares: email files (including archives), office documents, or PDFs
- Network logs: firewall logs, IDS logs, proxy server logs, web server logs, print/file server logs, or authentication server logs
For internet history timeline, you can catch timeline viewer @ http://www.osforensics.com/timeline-viewer.html
For endpoint of interest, SIFT may be considered to build timeline via Log2timeline
http://www.forensicswiki.org/wiki/Log2timeline
http://computer-forensics.sans.org/blog/2012/01/20/digital-forensic-sifting-targeted-timeline-creation-and-analysis
For network, the key is that as long as there are logs and packet captures, the tool can act on the PCAP; the SSL traffic also needs to be decrypted ... I see SIEMs as a good technology to venture into, like Splunk - http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk
@ http://cashandmeat.blogspot.sg/2013/03/splunksaturday-aggregating-packet.html
nDPI is used by both ntop and nProbe - application classification
http://www.ntop.org/ntop/ntop-is-back-ntopng-1-0-just-released/
https://www.alienvault.com/resource-center/tech-talks/a-quick-chat-luca-deri-creator-of-ntop
http://www.ntop.org/products/ndpi/
Lancope StealthWatch - looks at NetFlow (augments the packet/log data)
http://www.lancope.com/solutions/security-operations/forensics/
ChaosReader - trace TCP/UDP/... sessions and fetch application data from snoop or tcpdump logs.
http://www.windowsecurity.com/articles-tutorials/windows_networking/Studying-Network-Activity-Using-Chaosreader-Tool.html
RSA NetWitness Investigator -
http://singapore.emc.com/security/rsa-netwitness.htm#!freeware
http://singapore.emc.com/security/rsa-netwitness/rsa-netwitness-investigator.htm
Author: mickeyshelley1 replied at 2024-08-02 10:30:52
Our firewall is a Cisco ASA 5505
Expert: pgm554 replied at 2024-08-02 09:26:09
You would need something like a proxy server.
Do you use a firewall?
Most of the better ones will allow for user history, downloads, etc.
SonicWall, Barracuda all have those abilities.
I know Watchguard does.
http://www.watchguard.com/why/utm.asp
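The firewall-log route pgm554 describes, applied to the Cisco ASA 5505 the asker mentions elsewhere in the thread: an added Python example (not from any poster) that pairs the ASA's Built/Teardown connection syslog messages to reconstruct one inside host's connection history with peer, duration and byte counts. It assumes `logging timestamp` is enabled on the ASA; the hostname `fw01`, the interface names and every address in the sample log are constructed.

```python
import re
from datetime import datetime

# Cisco ASA connection events: 302013/302015 = Built TCP/UDP, 302014/302016 = Teardown TCP/UDP.
BUILT_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}).*%ASA-6-30201[35]: Built (?:inbound|outbound) "
    r"(?P<proto>TCP|UDP) connection (?P<cid>\d+) for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<p1>\d+) "
    r"\([\d.]+/\d+\) to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<p2>\d+) \([\d.]+/\d+\)"
)
TEARDOWN_RE = re.compile(
    r"%ASA-6-30201[46]: Teardown (?:TCP|UDP) connection (?P<cid>\d+) .*?"
    r"duration (?P<dur>\d+:\d{2}:\d{2}) bytes (?P<nbytes>\d+)"
)

# Constructed sample syslog (not captured from a real device); fw01 and every address are made up.
SAMPLE_LOG = """\
Aug 02 2024 08:21:23 fw01 : %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.168.1.10/52345 (198.51.100.2/52345)
Aug 02 2024 08:21:24 fw01 : %ASA-6-302015: Built outbound UDP connection 1002 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.10/60001 (198.51.100.2/60001)
Aug 02 2024 08:21:24 fw01 : %ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.168.1.20/50000 (198.51.100.2/50000)
Aug 02 2024 08:21:25 fw01 : %ASA-6-302016: Teardown UDP connection 1002 for outside:198.51.100.53/53 to inside:192.168.1.10/60001 duration 0:00:01 bytes 312
Aug 02 2024 08:21:36 fw01 : %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/443 to inside:192.168.1.10/52345 duration 0:00:13 bytes 84213 TCP FINs
Aug 02 2024 08:21:40 fw01 : %ASA-6-302014: Teardown TCP connection 999 for outside:203.0.113.7/443 to inside:192.168.1.10/52300 duration 0:05:00 bytes 10 TCP Reset-O
""".splitlines()

def connection_history(lines, host_ip, inside_if="inside"):
    """Time-ordered connections in which host_ip was the endpoint on inside_if.
    Built/Teardown pair on connection id; a connection with no Teardown keeps bytes=None
    so the gap stays visible, and a Teardown whose Built was never logged is dropped."""
    conns = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            a = (m["if1"], m["ip1"], int(m["p1"]))
            b = (m["if2"], m["ip2"], int(m["p2"]))
            # Outbound messages list the outside endpoint first, so test both ends.
            peer = b if a[:2] == (inside_if, host_ip) else a if b[:2] == (inside_if, host_ip) else None
            if peer is None:
                continue  # another host's connection
            conns[m["cid"]] = {"time": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
                               "proto": m["proto"], "peer": peer[1], "peer_port": peer[2],
                               "bytes": None, "duration": None}
            continue
        m = TEARDOWN_RE.search(line)
        if m and m["cid"] in conns:
            conns[m["cid"]].update(bytes=int(m["nbytes"]), duration=m["dur"])
    return sorted(conns.values(), key=lambda c: c["time"])

if __name__ == "__main__":
    for c in connection_history(SAMPLE_LOG, "192.168.1.10"):
        print(c["time"], c["proto"], f'{c["peer"]}:{c["peer_port"]}', c["duration"], c["bytes"])
```

Pointing the same function at a syslog file collected from the ASA (rather than the constructed sample) gives the per-host traffic history the question asks for, limited to what the firewall saw: hosts, ports and volumes, not page contents or file names.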
Expert: duncanb7 replied at 2024-08-02 09:26:08
That might help you with IIS
http://portal.smartertools.com/KB/a154/where-are-my-iis-log-files-stored.aspx
Author: mickeyshelley1 replied at 2024-08-02 08:51:07
Thank you. What we are looking for would be more forensic in nature, with capabilities of retrieving deleted files as well... Not necessarily looking for something free, but within reason in price.
Expert: Eirman replied at 2024-08-02 08:31:59
Have a look at Spiceworks
http://www.spiceworks.com/