Copy HDD Across Network
am 03.10.2007 15:50:25 von SDIs there a forensically sound and stealth method of copying a laptop
hdd across the LAN?
Is there a forensically sound and stealth method of copying a laptop
hdd across the LAN?
SD
> Is there a forensically sound and stealth method of copying a laptop
> hdd across the LAN?
Rather than us getting mired in waht your definition of forensically
sound is, what is it you're trying to do. Copy a hard drive across
the LAN obviously, but what is the situation such that you're
attempting to thwart leaving any forensic footprint and evade
detection?
--
Todd H.
http://www.toddh.net/
On Oct 3, 8:05 am, comph...@toddh.net (Todd H.) wrote:
> SD
> > Is there a forensically sound and stealth method of copying a laptop
> > hdd across the LAN?
>
> Rather than us getting mired in waht your definition of forensically
> sound is, what is it you're trying to do. Copy a hard drive across
> the LAN obviously, but what is the situation such that you're
> attempting to thwart leaving any forensic footprint and evade
> detection?
>
> --
> Todd H.http://www.toddh.net/
A member of staff is using personal laptop to store sensitive
information, this person may be scheduled for sensitive term. other
than the above I can't get into too much detail.
SD
> On Oct 3, 8:05 am, comph...@toddh.net (Todd H.) wrote:
> > SD
> > > Is there a forensically sound and stealth method of copying a laptop
> > > hdd across the LAN?
> >
> > Rather than us getting mired in waht your definition of forensically
> > sound is, what is it you're trying to do. Copy a hard drive across
> > the LAN obviously, but what is the situation such that you're
> > attempting to thwart leaving any forensic footprint and evade
> > detection?
> >
> > --
> > Todd H.http://www.toddh.net/
>
> A member of staff is using personal laptop to store sensitive
> information, this person may be scheduled for sensitive term. other
> than the above I can't get into too much detail.
Ugh. That sucks. "Sensitive term." termination?
Yer into legal issues I suspect. Even if you could manage to
crack into that laptop while it's on the company's lan, the legality
of doing so would not be clearcut at all. I imagine the employment
agreement and whatever supplements the employee has signed as
conditions of employment would figure in.
Technically, you'd be looking at it like any other bad guy attacker
would. If it's on the physical premises, and legality weren't an
issue, the easiest way is to grab the box itself and image the hard
drive while the individual's at lunch.
This brings up several interesting employment law questions though.
What latitude does an employer have to search personal property for
evidence of theft, what recourse does an employer have (other than
terminating the employee) if they can prove an individual stole or
inappropriately stored company intellectual property on their private
workstation?
My gut says "not much" though. Curious if there's anyone steeped in
the law of this realm here.
--
Todd H.
http://www.toddh.net/
SD
> Is there a forensically sound and stealth method of copying a laptop
> hdd across the LAN?
Yes.
Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."
Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"
SD
> A member of staff is using personal laptop to store sensitive
> information, this person may be scheduled for sensitive term.
Better have a talk with this person. If you're unsure enough, that this
person may be bought by your competitor, you have no joice for firing
him immediately.
Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."
Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"
On Wed, 03 Oct 2007 06:50:25 -0700, SD wrote:
> Is there a forensically sound and stealth method of copying a laptop
> hdd across the LAN?
Pre-encrypt the data on the LTop, YouSendIt
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
On Oct 3, 9:33 am, comph...@toddh.net (Todd H.) wrote:
> SD
> > On Oct 3, 8:05 am, comph...@toddh.net (Todd H.) wrote:
> > > SD
> > > > Is there a forensically sound and stealth method of copying a laptop
> > > > hdd across the LAN?
>
> > > Rather than us getting mired in waht your definition of forensically
> > > sound is, what is it you're trying to do. Copy a hard drive across
> > > the LAN obviously, but what is the situation such that you're
> > > attempting to thwart leaving any forensic footprint and evade
> > > detection?
>
> > > --
> > > Todd H.http://www.toddh.net/
>
> > A member of staff is using personal laptop to store sensitive
> > information, this person may be scheduled for sensitive term. other
> > than the above I can't get into too much detail.
>
> Ugh. That sucks. "Sensitive term." termination?
>
> Yer into legal issues I suspect. Even if you could manage to
> crack into that laptop while it's on the company's lan, the legality
> of doing so would not be clearcut at all. I imagine the employment
> agreement and whatever supplements the employee has signed as
> conditions of employment would figure in.
>
> Technically, you'd be looking at it like any other bad guy attacker
> would. If it's on the physical premises, and legality weren't an
> issue, the easiest way is to grab the box itself and image the hard
> drive while the individual's at lunch.
>
> This brings up several interesting employment law questions though.
> What latitude does an employer have to search personal property for
> evidence of theft, what recourse does an employer have (other than
> terminating the employee) if they can prove an individual stole or
> inappropriately stored company intellectual property on their private
> workstation?
>
> My gut says "not much" though. Curious if there's anyone steeped in
> the law of this realm here.
>
> --
> Todd H.http://www.toddh.net/- Hide quoted text -
>
> - Show quoted text -
Thanks for the input and yeah you could say it sucks... Agree w/you
on the miraid of legal quest. Policies are fairly clear, however, I
don't want us to rely strictly on the policy as we know those can
always be subject to interpretation... Thanks for the input all the
same.
SD
> Thanks for the input and yeah you could say it sucks... Agree w/you
> on the miraid of legal quest. Policies are fairly clear, however, I
> don't want us to rely strictly on the policy as we know those can
> always be subject to interpretation... Thanks for the input all the
> same.
No problem.
I'd urge caution. First, this is the company's intellectual property
you're talking about, not your own personal wealth (lest you are the
sole proprietor of the company).
And there may be little that would prevent the angered (ALLEGED thief)
from pressing criminal charges against you for unlawfully searching
the employee's personal property.
Best Regards,
--
Todd H.
http://www.toddh.net/
SD wrote:
> On Oct 3, 8:05 am, comph...@toddh.net (Todd H.) wrote:
>> SD
>>> Is there a forensically sound and stealth method of copying a laptop
>>> hdd across the LAN?
>> Rather than us getting mired in waht your definition of forensically
>> sound is, what is it you're trying to do. Copy a hard drive across
>> the LAN obviously, but what is the situation such that you're
>> attempting to thwart leaving any forensic footprint and evade
>> detection?
>>
>> --
>> Todd H.http://www.toddh.net/
>
> A member of staff is using personal laptop to store sensitive
> information, this person may be scheduled for sensitive term. other
> than the above I can't get into too much detail.
>
depending on your local laws, but in general I would say:
does your policy allow private notebooks
yes: you can't do much except ask them to not bring them to the office
-and fire them for a different reason :-(
no: you might be allowed to look at his data WITH
a member of the staff association or work council
a member of the security department
and the laptop owner.
also keep a written protocol of what exactly was done, who was present, what was found.
if there is a suspicion of criminal activity, you could inform the authorities.
Because they are using your network infrastructure to commit a crime.
but still: speak to your legal department
how is the saying: technology doesn't solve human problems?
M