RE: Please assist, tracking or IDS options.

[J]

David:     Seriously, your best bet may be an independent consultant. This is for a variety of reasons:   --) Independent consultant is not aware of any internal company politics, so that’s not a factor should you end up prosecuting the offender;   --) Consultant may have expertise in this area that you don’t (evidence collection.)   --) Once job is done, consultant is done; you don’t need to hire them.     Lastly, breaching a computer system (in most cases) is a U.S. federal offense. Your local law enforcement, or even the FBI have teams of people dedicated to this problem. You may want to work with them in developing a method to catch the perp.   Just my thoughts,     JJ   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Ng Sent: Tuesday, October 23, 2001 5:14 PM To: [EMAIL PROTECTED] Subject: Please assist, tracking or IDS options. Importance: High   Dear all,     We have a NT network that was hit the other day, in the sense that it was remotely shutdown by an individual somehow. The person might have the passwords and also sound technical expertise in remote utilities. Is there a way for me to trace where the traffic was coming from that day and what IP address? Also, is there a way to automatically capture the screen if it was remotely controlled?     Please advise, thanks in advance.     Sincerely,       David Ng