SLUG Mailing List Archives - Re: [SLUG] forensics work without history file

To: slug@xxxxxxxxxxx
Subject: Re: [SLUG] forensics work without history file
From: "Jesus M. Salvo Jr." <jesus.salvo@xxxxxxxxxxx>
Date: Tue, 08 Feb 2005 14:50:13 +1100
User-agent: Mozilla Thunderbird 0.6 (X11/20040519)

James Gray wrote:

Not directly. You can imply what *might* have happened from the changesmade. Best option is to install a key-logger. We use key-loggers on allour core *nix boxen mainly because there are a few people with root'spassword (7 or 8 senior admins - the rest get sudo). Root's .history fileis a symlink to /dev/null. So we use a keylogger that sends all thekeystrokes to another machine :) Sorta like remote syslog.

That wont handle the case of a remote login, either rsh or ssh ... orvia the serial console.Is placing a keylogger even legal, with or without the employee'sknowledge ?

Follow-Ups:
- Re: [SLUG] forensics work without history file
  - From: Dean Hamstead
- Re: [SLUG] forensics work without history file
  - From: Glen Turner

References:
- [SLUG] forensics work without history file
  - From: Ricky
- Re: [SLUG] forensics work without history file
  - From: James Gray

Messages sorted by: [ date | thread ]
Prev by Date: Re: [SLUG] video editing software
Next by Date: Re: [SLUG] aic7xxx scsi module
Previous by thread: Re: [SLUG] forensics work without history file
Next by thread: Re: [SLUG] forensics work without history file