Hi all,
John raises some very interesting points! MAKE sure that you know what you are looking for, your end goal and the appropriate steps to get you there. If you can't articulate these three items, perhaps you should consider whether or not anything that you capture with a logger will be of any use?? / will you know what to do with it once it is collected?? I echo John's comments re: prosecution/law enforcement with tied hands. I have worked with law enforcement and their biggest complaint is companies that taint evidence that results in on-going investigations / new legal proceedings from falling flat b/c the evidence (and associated evidence) is thrown out. Also why prefer not running as Admin?? You do have admin rights / or are a Security professional within this company?? / are actually empowered to install this type of data gathering tool on a companies system. If not then you are asking the wrong group! Ciao ~P ----- Original Message ----- From: "John Daniele" <[EMAIL PROTECTED]> To: "Michael Ullrich" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, January 23, 2002 11:26 AM Subject: Re: keylogger? > > Hi Michael, > > Before even considering the specifics of installing surveillance devices, > do consider what you are trying to accomplish. Be clear as to what your > company's intentions are. Are they to simply fire this individual or > perhaps press charges. Perhaps you have already done this, but in either > case I would advise you to review your company's HR policies before > proceeding. Ensure that your HR policy specifically states that your > employees may be closely monitored for internal security purposes. Also > ensure that the suspect has signed off understanding and acceptance of > these policies. If not, you may want to coordinate this operation with > your company's lawyers as you may or may not be violating this > individual's privacy rights, if any. > > If your company does intend to press charges, I would encourage you to > enlist the services of a computer forensic investigator to assist in > collecting evidence that can be admissible in the court of law. There are > very strict procedures that need to be followed in order to meet > admissibility requirements. Also consider the possibility that this > individual files a wrongful dismissal suit. Having evidence on your side > collected in accordance with the law may help prevent the suit from > progressing any further. > > Also consider the possibility that once you begin monitoring this > individual, you are witness to other, unrelated, criminal acts. You may be > required by law to report this activity to the proper law enforcement > authority. If proper procedure was not followed from the beginning, that > evidence may or may not be admissible; making law enforcement's job that > much more difficult. > > > ---------------------------------- > John Daniele > Technical Security & Intelligence > Toronto, ON > Voice: (416) 605-2041 > Email: [EMAIL PROTECTED] > Web: http://www.tsintel.com > ---------------------------------- > > > On Wed, 23 Jan 2002, Michael Ullrich wrote: > > > It looks like as if somebody in our company is misusing > > the pcs of others. We have already changed passwords and stuff. > > But nevertheless I want to install some kind of logging software on pcs > > which we left open. The audit policy on NT4 (which is the os of those > > pcs) is not enough. Does anybody know good logging software that is > > free. It would be good if this could be installed without > > Admin rights. > > > > Thanx > > Mike > > > > ____________________________________________________________________________ __ > > 100 MB gute Gründe. Jetzt im WEB.DE Club anmelden und Prämie sichern! > > Superstars, Topevents und Wunschrufnummer inklusive - http://club.web.de > > > > > >
