Hello friends
Please help me in understanding how to preserver a web content or a web page as an evidence
Is there any free tool to do it?
Please help
Thank you very much
Regards
cybercriminal1 evil
Please help me in understanding how to preserver a web content or a web page as an evidence
You dowload it and you put it in an evidence preserving container.
Remember to put some sticky tape around the container and to sign it with place and date.
jaclaz
Jacalz - Thank you mate for mocking my question
But I'm serious about my question and need a proper response
Please help
Check out Cernam, they have an online solution that takes a copy of a site at a given time and maintains an audit trails etc… You're probably best giving them a ring to see how they can help you, there site is good, but their tool is a working progress. Theyre based in Ireland.
Hope they can help you out.
You know, Jaclaz did give you a proper answer. Make sure you document EVERY action, too.
Jacalz - Thank you mate for mocking my question
But I'm serious about my question and need a proper response
Please help
Well, the issue is that you asked - of course unintentionally - a very "vague" or "generic" question, which opens a whole range of possible scenarios, and consequently all kind of possible answers/suggested procedures.
The given answer is "as generic" as possible.
For a Static web page, you download it with any site downloader (or just click Save as in the browser), then you possibly put the result in an archive, hash it and document any step you have taken.
For a dynamic one, the issue is that what you download is most likely to be only "parts" of the story and if some interaction is given (like providing a password, clicking, filling any form or captcha and what not) you need a way to "record" the whole process (besides downloading the single pages, as in some cases what is relevant is the "behaviour" of the site, besides it's sheer contents or the actual contents that you can download)
What I find a good way is to run a VM (in windowed mode) with a freshly installed OS (any "small" non-live Linux Distro will do it) and use a screen recording software (or you can use *any* film-based or digital motion camera instead pointed to your screen) to document the interaction of the site with you.
At the end you will have
- an actual "movie" of the site
- the contents saved (at least those that are downloadable)
- an actual VM install on disk image with all the relevant "artifacts" or anyway temp files, etc. the web site provides, their date/time, etc.
this is particularly relevant for sites using ads or similar "external" contents, as the moment you access the site the ads may contain objectionable material, and half an hour later may be perfectly "kosher".
jaclaz
Hi Jackalz
Thank you very much
I will briefly describe the scenario
"ABC company's site has been compromised. The hacker posted all the information on a public forum and phoned the CEO of company and told your company's website has been hacked and please see " https://
Using some basic forensics techniques, I understood that they might have ran some hacking tools for sql injection to get some databases
I've found his identity and he's posted with his real name in a dynamic web page and I want to use it as an evidence
so here you go…
btw, you gave information on fresh copy of VMware window and record the information. Is that widely accepted ( example, ACPO guidelines)?
Regards
Cybercriminal1 twisted evil
btw, you gave information on fresh copy of VMware window and record the information. Is that widely accepted ( example, ACPO guidelines)?
Not really, I gave a suggestion about using a VM (not necessarily VMWare), it can be *any* VM, Qemu, Virtual PC, VMware, Virtualbox, Bochs to name a few.
I think that ACPO guidelines are "guidelines" wink , not "operation manual", on the other hand, if they did have this kind of detail, you wouldn't have posted asking about what to do in your case, right?
jaclaz
I have to agree with Jaclaz's original response, and that it was not mocking you. In fact, the response was pretty clear.
So, there's a couple of things you can do. You can visit the web site with a browser, and make screen captures of the page. You can use your browser's ability to display the source code of the web page you're visiting, and save that to a "container", which you then mark. Or you can use a tool such as wget to obtain the source HTML of the page(s).
I'd really recommend that you thoroughly document what you do, as well. By "thoroughly", the standard should be that someone using the same tools and the same process should be able to obtain the same results (or similar, if the site is subject to change over time).
Questions about whether or not any of this is IAW the ACPO Guidelines are easily answered by *you* checking them against those guidelines.
HTH
Hello friends
Please help me in understanding how to preserver a web content or a web page as an evidence
Is there any free tool to do it?
Please help
Thank you very much
Regards
cybercriminal1 evil
If you want to do this, you can
1) install and activate on your pc a desktop camera sftware
2) activate a network sniffer (wirwshark)
3) open the webpage with explorer or what do you want.
4) put a digital timestamp on the files.
if you want, you can put file on a zipfile, and sign it.