Does anybody know of a software that could be used in a cyber investigation case to monitor some IRC channels, logging everything that is going on there and ideally piping each message in a database ?
I know that there are some bots programmed by some script kiddies that can probably do this, but I would like something from a more reliable source…
Thanks!
Are you LE?
LE have access to some interesting tools for harvesting IP addresses from P2P and other things so it's possible there is something like that out there.
Its not that big a job to code one up yourself.
A simple Python script could do the job, the code in the link below can be hacked into something useable
http//
Pedantic mode on script kiddies don't write code, that's why they're called script kiddies. )
Are you LE?
LE have access to some interesting tools for harvesting IP addresses from P2P and other things so it's possible there is something like that out there.
Yes, I'm LE. We indeed have access to some useful stuff, but we have to find who is making it available, thus this thread. I haven't found anything yet…
Its not that big a job to code one up yourself.
I agree, but since IRC has been there since the dawn of ages and a lot of bad stuff is happening on IRC, I thought there would be some turn-key solution that would exist for this type of investigation.
..clearly you're planning on having a client sit in those channels - most IRC clients allows for logging of conversations that occur within a channel as well as dcc chats..
We've tried using the ususal IRC clients, but they don't seem to be designed to be running continuously for weeks. The crash after a while and we lose a bunch of info.
We would like an IRC client with "special features" such as the ability to change nickname after a while, parsing all messages and logging them in a database,etc.
We've tried using the ususal IRC clients, but they don't seem to be designed to be running continuously for weeks. The crash after a while and we lose a bunch of info.
That would be an "IRC LogBot", if I get it right, like (examples)
http//
http//
http//
http//
but AFAIK/AFAICU they run in "silent" mode.
We would like an IRC client with "special features" such as the ability to change nickname after a while, parsing all messages and logging them in a database,etc.
That would be more a "AI IRC BOT", like (examples)
http//
http//
jaclaz
Unless it is a overly large irc channel where the ops would not notice a bot lingering around due to numbers, i wouldn't put the effort into coding something yourself. The ops will quickly pick up on this and just ban the ip, they will notice the same ip jumping on random nicks if they channel is a medium to small channel. might be fun to create a eggdrop script or similar to do this though.