Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kind of evidence gathered by agents

Published byMyles Bishop Modified over 6 years ago

Similar presentations

Presentation on theme: "Kind of evidence gathered by agents"— Presentation transcript:

1 Kind of evidence gathered by agents
RCS Modules Kind of evidence gathered by agents Is the “tool” of the agent used to gather certain type of evidence Pictures, files, keystrokes, messages, etc. What is a module? One shot modules need to be triggered everytime agent must gather a specific kind of evidence Always-on modules are activated by actions and are working until disabled by an anoter action Types of modules Not all modules are available in every platform and some of them are depending on Desktop or Mobile application Agents manage modules in a best efford form, so will gather the information requested only if its possible Platforms and availability

2 RCS Modules Desktop When an action starts one of this modules, only one unit of this kind of evidences will be gathered. Agent should activate them as many times as evidence units needs If an action starts one of these modules, it will work until another action stops it Thses are security modules that must be used after conulting with HT support service

3 RCS One-shot Modules Example: Taking a screenshot every 10 seconds
When agent starts working after 10 sec 1st screenshot 2nd screenshot 3rd screenshot

4 Example: Taking pictures when Skype starts and stops
RCS One-shot Modules Example: Taking pictures when Skype starts and stops When skype.exe stops When skype.exe starts

5 RCS On-Off Modules Example: Mouse module based on active process
When that window is not active When a window with *HSNC* in title is activ

6 RCS Modules Desktop: Takes a picutere with webcam if available. LED of webcam will blink Mobile: Takes a picture with front and rear camera of the device Camera Quality: Indicates level of JPEG compression of the evidence Camera Settings

7 RCS Modules Desktop: Processor, Memory, Disks, OS, Application list, …
Mobile: Model, Manufaturer, IMEI, IMSI, App list, ... Device Desktop: In Windows and Linux platforms, gather information of Bitcoins, Litecoins, ... accounts in the computer Money Desktop: Gathers wifi hotspots around. Mobile: Gathers Wifi hotspots around GSM cell info and/or GPS Position

8 RCS Modules Desktop: Takes a copy of whole screeen or on-focus window
Mobile: Takes a copy of device whole screen Screenshot Desktop & Mobile: gathers contacts from different applications like mail, chats, Facebooks, phone agenda, etc. Agenda Desktop & Mobile: shows when every application starts or stops Applications

9 RCS Modules Desktop & Mobile: Presents dates and schedules Calendar
Desktop: Records calls on supported applications Mobile: Captures audio* and call information from GSM and apps. Call Desktop & Mobile: Captures every piece of conversation on supported apps as single evidence Chat

10 RCS Modules Desktop & mobile: gathers text copied to clipboard Clipboard Desktop: Captures path (and content) of files opened by target matching filters of module settings. Files

11 RCS Modules Desktop & Mobile: Gathers what is typed in keyboard
Keylogger Desktop: Captures messages Mobile: Captures , SMS and MMS messages. Messages

12 RCS Modules Microphone Desktop & Mobile: Records surrounding voices
Desktop: Takes a picture around every mouse click Mouse Desktop & Mobile: Captures every possible password stored by user Password

13 RCS Modules Desktop & Mobile: Copy every URL accessed by device browser URL Mobile: Makes a third party call to specified number Conference Mobile: Calls specified number for realtime listening Livemic

14 RCS Modules Desktop & Mobile: Disable agent functionalities in order to prevent being detected URL

Download ppt "Kind of evidence gathered by agents"

Similar presentations

© 2013 Microsoft Corporation. All rights reserved. Schedule a Lync Meeting You can simply schedule an Lync Meeting by using the Outlook add-in for Lync.

© 2013 Microsoft Corporation. All rights reserved. Schedule a Lync Meeting You can simply schedule an Lync Meeting by using the Outlook add-in for Lync.
Getting Started. Intro Must Haves and Best Practices Demo Q&A Agenda.

Getting Started. Intro Must Haves and Best Practices Demo Q&A Agenda.
Talent Slate Mobile LMS Manual Club Name. Install the Talent Slate App on your Device Search for “Talent Slate” in the app store of your device and install.

Talent Slate Mobile LMS Manual Club Name. Install the Talent Slate App on your Device Search for “Talent Slate” in the app store of your device and install.
MXIE overview 5/4/20155.0 Update1. MXIE Media Exchange Interface for End Users 5/4/20155.0 Update2.

MXIE overview 5/4/ Update1. MXIE Media Exchange Interface for End Users 5/4/ Update2.
1 ITGS - introduction System unit + Peripherals = PC System unit (CPU, memory, …) Peripherals (mouse, keyboard,…) PC main purpose: to communicate with.

1 ITGS - introduction System unit + Peripherals = PC System unit (CPU, memory, …) Peripherals (mouse, keyboard,…) PC main purpose: to communicate with.
The sequence of folders to a file or folder is called a(n) ________.

The sequence of folders to a file or folder is called a(n) ________.
LYNC SERVER 2013 Lync Online and Office365 Omar Kudović ProCredit Bank d.d. Sarajevo BLOG: MAIL:

LYNC SERVER 2013 Lync Online and Office365 Omar Kudović ProCredit Bank d.d. Sarajevo BLOG: MAIL:
T.Sharon-A.Frank Multimedia Internet/Web MM Interaction Tools.

T.Sharon-A.Frank Multimedia Internet/Web MM Interaction Tools.
Adobe Connect User Guide. Adobe Connect Meeting is an online-based tool that lets you to connect with colleagues, classmates, or anyone else around the.

Adobe Connect User Guide. Adobe Connect Meeting is an online-based tool that lets you to connect with colleagues, classmates, or anyone else around the.
 What is it?  Skype is software which allows you to call other computer users who also have Skype installed for audio and/or video chats, for free.

 What is it?  Skype is software which allows you to call other computer users who also have Skype installed for audio and/or video chats, for free.
Useful free software. Skype Free phone calls (to computers) Free video calls Video chat Get help from family members Cheap phone calls (to phones) Download.

Useful free software. Skype Free phone calls (to computers) Free video calls Video chat Get help from family members Cheap phone calls (to phones) Download.
How To Get Insanely Organized With Evernote Unleash the Power of the Trunk Michelle Lindsey, Technology Instructor Ozark Upper Elementary

How To Get Insanely Organized With Evernote Unleash the Power of the Trunk Michelle Lindsey, Technology Instructor Ozark Upper Elementary
COMMUNICATION SOFTWARE Presented by Linda Walker Illinois Office of Educational Services December 4, 2009.

COMMUNICATION SOFTWARE Presented by Linda Walker Illinois Office of Educational Services December 4, 2009.
Skype Skyping In The Classroom Freda Williams

Skype Skyping In The Classroom Freda Williams
Objectives Overview Identify the general categories of programs and apps Describe how an operating system interacts with applications and hardware Differentiate.

Objectives Overview Identify the general categories of programs and apps Describe how an operating system interacts with applications and hardware Differentiate.
AMANDA SHERRATT. What is SKYPE ? COMPUTER PROGRAM AND VOICE OVER INTERNET PROTOCOL USE IT TO PERFORM VIDEO CONFERENCES, SEND INSTANT MESSAGES AND TEXT.

AMANDA SHERRATT. What is SKYPE ? COMPUTER PROGRAM AND VOICE OVER INTERNET PROTOCOL USE IT TO PERFORM VIDEO CONFERENCES, SEND INSTANT MESSAGES AND TEXT.
What you should know and/or be able to do..  Desktop Layout  Mouse Operations  Point  Click  Double-Click  Right-Click  Drag  Right-Drag  Create.

What you should know and/or be able to do..  Desktop Layout  Mouse Operations  Point  Click  Double-Click  Right-Click  Drag  Right-Drag  Create.
CARNIVORE And Other Computer Spy Programs. What is Carnivore? Carnivore helps the FBI conduct ‘wiretaps’ on Internet connections. Carnivore is a computer-based.

CARNIVORE And Other Computer Spy Programs. What is Carnivore? Carnivore helps the FBI conduct ‘wiretaps’ on Internet connections. Carnivore is a computer-based.
Computing Fundamentals Module Lesson 3 — Changing Settings and Customizing the Desktop Computer Literacy BASICS.

Computing Fundamentals Module Lesson 3 — Changing Settings and Customizing the Desktop Computer Literacy BASICS.
Specialist communication channel. Sarah-Jane king.

Specialist communication channel. Sarah-Jane king.

Similar presentations

Ads by Google