Hi girls and boys,
I have some questions for you...
There's this bigshot CO from a big new firm who thinks he's being "hacked" from inside his firm and wants to find out who the culprit is. So I was called forward to formulate a plan for how I will deal with this.
Now there’s a catch.
I don't know the OS, don't know anything about the network or any policies, and will probably only know it by the time I meet this bigshot and set foot in this new client's firm. For all I know the entire "I'm being hacked" thing might be paranoia. :rolleyes:
Now I hope the OS will be Windows 2000 or XP, or at least NT4 with the security event log enabled (but I think this hope is in vain), so I could plow through the logs and hope to find the "hacker".
So most likely there's no security in this new client's firm, and that will be the main goal... to sell security. But first I will need to catch this "hacker", and I want to catch him red-handed if possible (not necessary). Are there any tools that will monitor the PC and alert the user if unauthorized access is in progress? Now I know a firewall has this possibility and maybe even some AVs, but I don't want to install any of these tools yet. So what I'm looking for is a tool that will work even on Windows 98 or ME and can show me who is connected, or better yet... can show the client who is connected or tries to connect. Does anyone know a good tool that can do this (free if possible)? I would use netstat to see the active connections, or something similar depending on the OS, but I don't think this guy will be doing that.
I will be investigating the PC and try to find any Trojans, backdoors or anything else that may be used by the "attacker", and I will also be checking the settings on the PC: is a firewall installed, is the AV up to date, who has local logon rights, who has domain rights (if it's a domain, that is) and so on... but I will be leaving everything as is on the PC to see who will be connecting.
Now I know there's not a lot of information, but what would you do if faced with this task?
Any advice from you specialists is appreciated.
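The "netstat to see the active connections" idea from the post above, turned into a small watcher, as an added example that is not part of the original post and not any tool the poster mentions. It assumes the classic Windows `netstat -an` text layout (Proto / Local Address / Foreign Address / State) and a Python interpreter on the box being watched; the two snapshots embedded below are constructed, not captured from a real machine. It polls netstat, keeps the previous snapshot, and reports only remote hosts that newly hold an ESTABLISHED TCP session on a port the machine was listening on, so outbound browsing and TIME_WAIT leftovers do not trigger it.

```python
"""Poll ``netstat -an`` and report newly established inbound sessions.

Added example for the thread above (not the poster's own tool). Assumes the
classic Windows ``netstat -an`` output format; the SAMPLE_* snapshots are
constructed for illustration, not captured from a real host.
"""
import re
import subprocess
import time

# Matches one connection line of "netstat -an", e.g.
#   TCP    192.168.1.10:139       192.168.1.55:1045      ESTABLISHED
#   UDP    0.0.0.0:137            *:*
# Greedy \S+ backtracks to the last ':' so IPv6 forms like [::]:135 also parse.
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s*(\S+)?\s*$"
)


def parse_netstat(text):
    """Return a set of (proto, local_port, remote_host, remote_port, state)
    tuples for every connection line in a netstat -an dump; header and
    blank lines are skipped."""
    conns = set()
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, _lhost, lport, rhost, rport, state = m.groups()
        conns.add((proto, lport, rhost, rport, state or ""))
    return conns


def listening_ports(conns):
    """TCP ports the machine is accepting connections on in this snapshot."""
    return {lport for proto, lport, _rh, _rp, state in conns
            if proto == "TCP" and state == "LISTENING"}


def established_peers(conns, inbound_only=True):
    """(remote_host, local_port) pairs with an ESTABLISHED TCP session.
    With inbound_only, keep only sessions on ports this host listens on,
    which filters out the user's own outbound browsing."""
    ports = listening_ports(conns) if inbound_only else None
    peers = set()
    for proto, lport, rhost, _rport, state in conns:
        if proto != "TCP" or state != "ESTABLISHED":
            continue
        if ports is not None and lport not in ports:
            continue
        peers.add((rhost, lport))
    return peers


def new_peers(previous, current, inbound_only=True):
    """Peers present in the current snapshot but not in the previous one."""
    return (established_peers(current, inbound_only)
            - established_peers(previous, inbound_only))


def snapshot():
    # Runs the real netstat; only meaningful on a Windows host.
    return subprocess.run(["netstat", "-an"],
                          capture_output=True, text=True).stdout


def watch(interval=5):
    """Print a line every time a new remote host opens a session to a
    listening port. Polling means very short sessions can be missed."""
    before = parse_netstat(snapshot())
    while True:
        time.sleep(interval)
        after = parse_netstat(snapshot())
        for rhost, lport in sorted(new_peers(before, after)):
            print(time.strftime("%H:%M:%S"),
                  "new session from", rhost, "to local port", lport)
        before = after


# Constructed sample snapshots (not real captures). The "after" snapshot adds
# an inbound SMB session from 192.168.1.55 and a finished outbound web hit.
SAMPLE_BEFORE = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

SAMPLE_AFTER = SAMPLE_BEFORE + """\
  TCP    192.168.1.10:139       192.168.1.55:1045      ESTABLISHED
  TCP    192.168.1.10:1035      192.168.1.1:80         TIME_WAIT
"""

if __name__ == "__main__":
    watch()
```

On the constructed samples the only reported change is 192.168.1.55 connecting to local port 139; the machine's own session to 192.168.1.1:80 is ignored because 1034 is not a listening port, and the TIME_WAIT entry is ignored because it is not ESTABLISHED.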