Solved

I have been assigned a task of decrypting an infection and find where the information is going

Posted on 2009-05-08
5
230 Views
Last Modified: 2013-12-06
I have someone that knows who infected their computer and the computer is sending information out to the other person. Some of it is very personal and the other person had made comments about it. He wants me to decrypt the computer but not clean it to find the backdoor or other infection that is sending this information out. Maybe it is a keylogger. I don't know.
I can clean a computer very easy, but this is new to me.
What tools can I use to find what the system is using and where this information is being sent to?
I will pay for a type of software if I have to.
0
Comment
Question by:calitech
5 Comments
 
LVL 16

Accepted Solution

by:
warturtle earned 200 total points
ID: 24337441
You can use this program to see the list of programs that are currently open along with the IP address of where the information is being sent to:

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Hope this helps. I am hoping that this is for a good cause.
0
 
LVL 23

Assisted Solution

by:Mohamed Osama
Mohamed Osama earned 150 total points
ID: 24337701
This type of activity is called computer forensics; it comprises an important field for information security professionals.
You can take a look at some open source Windows forensics tools and try some for yourself.
http://www.opensourceforensics.org/tools/windows.html
TCPView is a good start; all Sysinternals utilities can be run live from http://live.sysinternals.com/
You may also want to use tools from there like Process Explorer and Procmon to identify what exactly is going on on that machine, e.g. if you are hunting for a keylogger, you will be able to see which process is writing to disk, thus giving away the log location, etc...
Computer Forensics on Wikipedia
hope this helps

0
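The two answers above describe doing this by hand with TCPView and Process Explorer. As an added example (not code from the thread), this PowerShell script takes the same snapshot in one pass: every established TCP connection to a non-local address, the owning process, its binary path, whether that binary is signed, and a CSV copy saved before anything on the machine is changed. It assumes Windows 8 / Server 2012 or newer (for Get-NetTCPConnection) and an elevated session; the output folder name is an assumption.

```powershell
# Added example, not from the original thread: what TCPView + Process Explorer
# show, collected in one pass and preserved to CSV before the machine is cleaned.
# Assumes Windows 8 / Server 2012 or newer and an elevated PowerShell session
# (needed to read the paths of processes owned by other users).

$evidenceDir = Join-Path $env:USERPROFILE 'Desktop\netreview'   # assumed output folder
New-Item -ItemType Directory -Path $evidenceDir -Force | Out-Null

# Loopback and unspecified addresses are noise; everything else is a candidate.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }

$report = foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $cim  = Get-CimInstance -ClassName Win32_Process `
                -Filter "ProcessId = $($c.OwningProcess)" -ErrorAction SilentlyContinue
    # Authenticode status of the binary: 'Valid', 'NotSigned', 'HashMismatch', ...
    $sig  = if ($proc.Path) { (Get-AuthenticodeSignature -FilePath $proc.Path).Status } else { 'Unknown' }

    [PSCustomObject]@{
        PID           = $c.OwningProcess
        Process       = $proc.ProcessName
        Path          = $proc.Path
        Signature     = $sig
        # An unsigned binary living under a user profile or Temp that holds an
        # outbound connection is the first thing to look at, not proof of anything.
        Suspicious    = ($sig -ne 'Valid') -and ($proc.Path -match '\\(AppData|Temp|Users)\\')
        CommandLine   = $cim.CommandLine
        LocalPort     = $c.LocalPort
        RemoteAddress = $c.RemoteAddress
        RemotePort    = $c.RemotePort
        Established   = $c.CreationTime
    }
}

# Keep the snapshot as evidence first, then display it with the odd ones on top.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$report | Export-Csv -NoTypeInformation -Path (Join-Path $evidenceDir "connections-$stamp.csv")
$report | Sort-Object Suspicious -Descending |
    Format-Table PID, Process, Signature, Suspicious, RemoteAddress, RemotePort -AutoSize
```

Run it a few times over a day: a keylogger or backdoor that only phones home periodically will not show an established connection in a single snapshot, which is why the answers also point at Procmon for watching file writes.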
 

Author Comment

by:calitech
ID: 24340247
Ok so it sounds like these people sent him an email and were able to get a report of his history and bookmarks in Firefox.
Any clue on how to find out if that is true?
0
 
LVL 19

Assisted Solution

by:CoccoBill
CoccoBill earned 150 total points
ID: 24345304
Just by sending an email, no. If the email included a trojan as an attachment or a link to a site with malware, possibly. As Admin3k said, the activity you've been asked to perform is called computer forensics, which is quite different from cleaning up infected machines and requires fairly deep understanding of the operating system and possible attack vectors. I'd say it's quite unlikely any single tool will be able to just tell you what happened; you need to dig deep and find out yourself (or better yet, get someone who knows what they're doing to do it for you). There are various forensic toolkits available; personally I like BackTrack (http://www.remote-exploit.org/backtrack_download.html), which is a Linux distribution filled with various handy tools. Their wiki contains various tutorials (https://wiki.remote-exploit.org/backtrack/) to get you started if you're interested. Also check out these links:

http://en.wikipedia.org/wiki/Computer_forensics
http://www.sans.org/reading_room/whitepapers/forensics/
http://www.computerforensicsworld.com/
0
 

Author Closing Comment

by:calitech
ID: 31579486
Thanks for the input
0
