Computer Forensics World Forums: General Computer Forensic Issues

File copied over internet connection

Tobu
Newbie
Joined: May 08, 2014
Posts: 4

Posted: Fri May 09, 2014 1:13 am    Post subject: File copied over internet connection

I'm responsible for hardware ops at a facility handling classified data, but I'm entirely new to forensics so please forgive my somewhat amateurish question...

Tonight and last night, by negligence, sensitive files were left on a low-security computer, which had a connection to the internet (not via WLAN) for about 8 hours during both nights. It has since been determined that there had indeed been some malware present on the PC, and even though none of it seemed to be specifically spyware targeting our files, I'm understandably concerned by this breach in security.

Is there a way to determine if any files have been accessed/copied over the internet connection, and if yes, what files were accessed/copied?

Thank you,
Tobu

cybercop
Newbie
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

Posted: Fri May 09, 2014 1:29 am

Wow. Word for word no less.

Tobu
Posted: Fri May 09, 2014 2:06 am

Well, what can I say.
These things happen whenever a human factor is involved.
As I know that cases similar to this one have not been judged entirely hopeless even if considerably more time had passed between the breach and the initiation of an investigation, I hope your "wow" does not mean that my case is hopeless.

cybercop
Posted: Fri May 09, 2014 5:27 am

The comment was because the question is nearly word for word matching questions from various computer forensics degree programs.
I would suggest you check your firewall logs. Since you handle classified data, I'm sure you have a good firewall that is logging traffic that was allowed through it.
I'm sure this isn't the answer your instructor is looking for, but you haven't given a lot of detail either.

Tobu
Posted: Fri May 09, 2014 6:40 am

Be assured that this is a serious question and not part of a training program or exam. I wish it was. lol
Issue being that our software experts are all assigned to another off-site project currently and we're running on a skeleton staff here, which is why I turned to this site. Thank you for the quick reply.

Someone also suggested that if illicit access took place, but the trespasser removed his tracks, then the sheer volume of outgoing traffic for the period in question could be checked to see whether it could mean data was accessed via the connection.
Is that a valid indicator?
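
Added example (not part of the original thread): a sketch of the outbound-volume check raised in the post above, run over constructed firewall records. The CSV layout, host address, exposure windows and threshold are assumptions; a low total does not rule out a small transfer, so this narrows the search rather than settling it.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: allowed-connection records in a made-up CSV layout
# (timestamp, src, dst, dst_port, bytes_sent). Real firewall exports differ.
SAMPLE_LOG = """\
2014-05-07T23:10:00,10.0.0.5,203.0.113.10,443,1200
2014-05-08T01:30:00,10.0.0.5,198.51.100.7,443,48000000
2014-05-08T02:05:00,10.0.0.5,203.0.113.10,80,900
2014-05-08T14:00:00,10.0.0.5,203.0.113.10,443,3000
2014-05-09T00:45:00,10.0.0.5,198.51.100.7,443,52000000
2014-05-09T03:00:00,10.0.0.9,192.0.2.44,443,700000
"""

HOST = "10.0.0.5"  # assumed address of the low-security PC
# Assumed exposure windows (about 8 hours on each of the two nights).
WINDOWS = [
    (datetime(2014, 5, 7, 22), datetime(2014, 5, 8, 6)),
    (datetime(2014, 5, 8, 22), datetime(2014, 5, 9, 6)),
]


def outbound_by_destination(log_text, host, windows):
    """Sum bytes sent by `host` to each destination inside the windows."""
    totals = defaultdict(int)
    for ts, src, dst, _port, sent in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if src == host and any(a <= when < b for a, b in windows):
            totals[dst] += int(sent)
    return dict(totals)


def flag_large(totals, threshold_bytes):
    """Destinations whose outbound total meets the threshold, largest first."""
    hits = [(d, n) for d, n in totals.items() if n >= threshold_bytes]
    return sorted(hits, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    totals = outbound_by_destination(SAMPLE_LOG, HOST, WINDOWS)
    for dst, sent in flag_large(totals, 10_000_000):
        print(f"{dst}: {sent} bytes sent during exposure windows")
```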

cybercop
Posted: Fri May 09, 2014 2:31 pm

Depending on the actual seriousness of the case, you may consider hiring a professional to do the investigation. If you do not know what you are doing, you can taint evidence and make it useless in the event of prosecution.

Tobu
Posted: Fri May 09, 2014 9:59 pm

Well this is a serious case. So in theory, it would be possible to find out for a professional? My whole question was more aimed at whether it is possible at all, even if it takes more than any makeshift solution we can come up with.

cybercop
Posted: Sat May 10, 2014 12:19 am

Whether it is possible depends entirely on system and network configuration. There is no way to answer your question with the given information.

All times are GMT + 10 Hours