09-15-2009, 10:09 PM | #1 |
Colonel
376
Rep 2,451
Posts |
Bugging computers
I have a little problem at my office. An employee is known to be stealing from the company and I need to gather evidence to prove it. Does anyone know any programs that can be installed on his computer to record his emails, instant messages, and website history???
Any help is greatly appreciated |
09-15-2009, 10:18 PM | #2 |
Nigerian Prince
396
Rep 2,180
Posts
Drives: '11 F25
Join Date: Apr 2008
Location: San Diego, CA
|
__________________
|
Appreciate
0
|
09-16-2009, 05:09 AM | #4 |
Brigadier General
428
Rep 4,709
Posts |
If it's in a corporate environment, can't you just set up to monitor where the web traffic from his computer is going to?
For example, all IMs go through port XXX, and the software will record all of that. |
Appreciate
0
|
09-16-2009, 05:19 AM | #5 | |
you know he kills little girls like you
398
Rep 892
Posts |
Quote:
Oh yeah, if you want to sniff traffic on that network segment, it'd be ideal if the machine designated as the sniffer had a gigabit interface, and one or more fast processors, otherwise the kernel might not be able to process the traffic fast enough and you might lose key data. Not that I know anything about this, no sir... |
|
Appreciate
0
|
09-16-2009, 06:22 AM | #6 |
you know he kills little girls like you
398
Rep 892
Posts |
As a follow up to my previous post, I realize that my advice to consult a lawyer first might seem like overkill. I'm assuming your going to use this evidence that you collect in order to fire, prosecute, and sue the employee. Since it seems that the company/employee will be seeing the inside of a courtroom, you'll want to make sure all your ducks are in a row. I know that the network/computers are owned by the company, but many states have some really strange computer laws.
BTW... depending on your MTA/MDA, it's also fairly trivial to copy all of their email as well. For example, with sendmail you can use a pipe in /etc/aliases (or /etc/mail/aliases depending on OS) for a particular user, or if you wanted to archive all inbound and outbound mail, you could do this: http://www.usenix.org/publications/l...archiving.html |
Appreciate
0
|
09-16-2009, 07:15 AM | #8 | |
Colonel
376
Rep 2,451
Posts |
Quote:
|
|
Appreciate
0
|
09-16-2009, 09:00 AM | #9 |
Lieutenant
42
Rep 481
Posts |
Um since this person is working at a company couldnt you just go into his computer and access his information?
The Electronics Communications Privacy Act prohibits an employer from intentionally accessing an employee's electronic communications unless its for a legitimate business purpose. And the good part for you is that 'legitimate business purpose' is anything done with company property. I'm sure your lawyer will tell you a similar thing.
__________________
MY10 335d: Montego Blue, Oyster/Black Leather, Aluminum Trim, Navi, ZSP with Paddle Shifters, ZCW, Alarm
Order Placed: Aug 15th, In Production: Sept 1st, At Port of Exit & Awaiting Transport: Sept 15th, Sept 16th, At Prep Center: Oct 7th, Released to Carrier: Oct 22nd, Delivered: Nov 11 |
Appreciate
0
|
09-16-2009, 10:03 AM | #10 |
Free Thinker
19288
Rep 7,549
Posts |
I assume you or someone you trust has admin rights on the employee's PC, right? Unless said employee is really good with computers, the evidence you need is probably on the PC still. Do you think he/she is only doing the stealing through email (ie, sending out data to someone) or FTP? If you use a keylogger, make sure whatever anti-virus program you use won't detect it (ain't that a kicker?).
Back in the day, I worked for an environmental engineering firm. An employee tried to walk out once with a floppy full of proprietary drawings. The owner stopped him and they ended up in a fight. The owner threw the guy through a wall. Literally. Big hole right through the sheetrock. We had a dialup connection then, so there really was no way for the thief to send things out over the network.
__________________
|
Appreciate
0
|
09-16-2009, 11:16 AM | #11 | |
ahat
1070
Rep 2,592
Posts |
Quote:
Alternatively, replace his desktop with another machine and just run forensics on it.
__________________
'13 335IS N54 (1 of 373 LeMans Blue out of 3597 total production e92)- Grey interior (1 of 24 in LMB with any trans- 1 of 14 with DCT)-MODS -MFactory LSD/MHD-BQ custom Tune/ATM-IC/AFE Momentum GT Intake/Konis/Mfront&HeimJoint Rear rods&arms/Brembos. https://photos.app.goo.gl/Lo6aHZRo7XqtPkhL8 |
|
Appreciate
0
|
Post Reply |
Bookmarks |
|
|