TekserMan,

You might want to check out the University of Illinois - their Business Innovation Serivices department does offer CEH training.  If you happen to be a military vet and are eligible for the Illinois Veterans Grant, you could use that.  Also, UIC-BIS has a grant program where eligible employers are allowed to pay for half of the course, and the grant covers the other half. 

http://www.bis.uiuc.edu/

Thanks a bunch Ketchup - The info you provided did spark my "creative thought process", and I was able to find most of what I was looking for. 

Hello All,

I am examining a Windows XP system, and there are multiple profiles on this system.  I would like to determine which user installed some of the software on this machine, but am not sure exactly where to look or what tools would be most useful for this task; can anyone point me in the right direction?

Good deal Jhaddix - I appreciate the input.  You've definitely given me a few more things to consider.

Thanks a bunch Jhaddix - you have pointed me in the direction to a bunch of info that I will most certainly look through. 

At first glance, it looks like you definitely have given me a ton of info with regards to how to stock my toolkit, but I think I am still missing a head start on information that I want to make sure I have all system admins pull together.  Like I said, I know obviously IP addresses and root/admin credentials to go in a software vault, network diagrams, but I am trying to round that list out. 

Can you think of any other information that I would probably want them to document?

Thanks again - I really appreciate the response.

Hello,

I am in the early stages of looking at putting together an IR program, and I am being asked to put together a template for all sys admins to begin pulling together the information that they might need during an incident.

I have a few thoughts (system passwords, network diagrams, etc.), but I am wondering what other things should I add to this template.

I guess basically the question I am asking is what information would you absolutely want to have readily available once you are notified that there is an incident of some sort occuring.

Thanks a bunch

Thanks for the suggestions guys.  Actually, I don't think any suspects have been identified, which is one of the reasons that i am not interested in a solutions that require software to be installed on client workstations (thousands of machines).  Also, we are a medim size company with several Internet connections, so whatever solution I come up with will have to be replicated at at least 6 locations.

Hello,

I have a situtation that I am trying to find solution to. My company, like many, is experiencing a tough time with the current economic climate. Unfortunately, we have had to lay some employees off, and this is a contributing factor to many employees resorting to anonymously posting very negative and libelous comments about the company. Senior management is convinced that these postings are coming from employees that are posting using company equipment on company time. We have used our existing web content filtering system to confirm that employees have visited the particular site from company networked PCs. However, I am unable to determine exactly what actions they are taking (what text they are actually posting).

Is anyone aware of any network based tools (not interested in installing client side software on a gazillion workstations) or creative techniques that I might use to determine what exactly is being posted? I do understand that I would only be able to monitor networks/systems under my companies control.

Thanks