Forums
Main Category
General (Technical,...
Log Analysis
 
Notifications
Clear all

Log Analysis

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by keydet89 16 years ago
15 Posts
5 Users
0 Reactions
1,474 Views
RSS
 douglasbrush
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
Topic starter 10/01/2010 11:12 pm  

bssid-location.pl

# Find the Longitude and Latitude of a BSSID
Check it Here

Yeah have that but some of the packages I need for it on my platform I am having challenges with.

Now to go slightly off my OP but on the geolocating topic…

http//windowsir.blogspot.com/2009/09/where-was-waldo.html

Was thinking about playing around with this to make it a web app that you could load MAC addresses into. It would make the calls to Skyhook, return the coordinates and overlay on to a Google map. Wanted to also and the function to upload a CSV, txt file, etc. with multiple MAC addresses so it can give you a bunch of results at one time and on one map.

Would this be useful to anyone or am I drinking too much coffee today?


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
10/01/2010 11:17 pm  

It is great to see a graphically representation of the file system and disk activity through a period and that's about it. Add in all the other screens open of various logs, events and application data - add handwritten notes on the time line and one's head start to spin. Trying to put that in a nice overview for the client to decide the investigation strategy when the client is calling every hour for updates would just allow the examiner to hand off something to ease the clients concerns while we also look at other avenues. Plus its nice to hand off a big picture because often the client them comes back with terms, keywords or areas to investigate that they might not have thought of in the early interviews.

Well, you can also make a Power Point presentation of it, or better even an animated Prezi
http//prezi.com/
one, or even better, hire a PR to keep the Client happy and tranquil. D

It seems to me like the point keydet69 was trying to make was that a timeline may be nice and colourful, but is it actually useful (to the examiner - not to the client wellness)?

jaclaz


   
ReplyQuote
 douglasbrush
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
Topic starter 11/01/2010 12:33 am  

Oh it definitely can turn into garbage in garbage out very quickly. But handing over 120k emails, multiple extracted logs and reg entries and other data and asking the client to make sense of it is met with glazed over eyes sometimes ) Just trying to find a balance. I am using newer products that do the e-mail relationship analysis and it works great for that - just wanted to expand the concept.


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
11/01/2010 8:05 am  

[quote="douglasbrush]Would this be useful to anyone or am I drinking too much coffee today?

I asked the same question…


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
11/01/2010 8:41 am  

[quote="douglasbrush]Funny you should say that. Was doing the time line analysis in EnCase and that is what got me thinking down this path because the display is not particularly revealing when you drill down. It is great to see a graphically representation of the file system and disk activity through a period and that's about it. Add in all the other screens open of various logs, events and application data - add handwritten notes on the time line and one's head start to spin. Trying to put that in a nice overview for the client to decide the investigation strategy when the client is calling every hour for updates would just allow the examiner to hand off something to ease the clients concerns while we also look at other avenues. Plus its nice to hand off a big picture because often the client them comes back with terms, keywords or areas to investigate that they might not have thought of in the early interviews.

Well, let me know when you find that…I've been looking for something like that for a while now! 😉

I mean, really…how do you graphically represent all of the available data to find that which has the least frequency of occurrence (per Pete Silberman)?

[quote="douglasbrush]
Ultimately we are trying to track a users behavior on a system so the meat manipulating the data has to be profiled through activity to find anomalies.

That's where the analyst's wet-ware comes in…


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: