Collecting Information
Introduction

When an intruder attempts to break into your system, RealSecure Desktop Protector can
track the intruder's activities. You can use this information to determine what an intruder
did to your computer. This section explains how to gather and use this information.
Back Tracing

Desktop Protector can back trace each intrusion to determine where it originated. You can
tell Desktop Protector to seek information from the originating computer itself or from
points the packets passed through on the way to your computer.
When Desktop Protector back traces an intruder, it attempts to gather the IP address, DNS
name, NetBIOS name, Node, Group name, and MAC address. Skilled intruders will often
block Desktop Protector from acquiring this information.
To set up back tracing, see Introduction on page 50 and The Back Trace Tab on
page 76.
Evidence files

RealSecure Desktop Protector can capture network traffic attributed to an intrusion and
place that information into an evidence file. Desktop Protector captures and decodes each
packet coming into the system, so it can generate files that contain detailed information
about the intruder's network traffic.
To an experienced network engineer, evidence files show exactly what the intruder did or
attempted to do. Because evidence files provide proof of the attacker's activities, they can
be very useful to law enforcement or legal counsel in tracking criminal intruders.
For information about setting up evidence gathering, see Collecting Evidence Files on
page 52.
Packet log files

Packet logging records all the packets that enter your system. This can be useful if you
need more detailed information than evidence logs contain. Packet logs can become very
large and use considerable hard disk space. However, if you are experiencing repeated
intrusions on a system, packet logging can help gather additional information about
activity on the system.
For information about setting up packet logging, see Collecting Packet Logs on page 54.