I have been told we are having this Forensic Software on our network. The guy from the company is coming in next week to install it on one of our servers. I have had a quick look at the install guide etc. and it all seems to be a straightforward install of IIS, SQL and the software. The only worrying thing is the client software. It does look like it has to be installed on each PC individually (I will look later to see if I can do an MSI package).
Is anyone else running this or trialing this, and if so what feedback have you got?
Forensic Software to raise the profile of a new powerful behaviour monitoring software which benefits any agency dealing with the welfare of children, for instance Schools, Police, Health and Social Services. It monitors all user activity on the network.....not just internet use but also emails, chat rooms, and any desktop activity.
It captures unsuitable behaviour while it's happening, and reports it in a jpeg format meaning the information can be looked at and used to address behaviour with the relevant children involved.
The product is a response to the Every Child Matters initiative to prevent things like:
* Misuse of chat rooms
* Potential child suicide & self harm
* Pornographic material from sex and violent sites
If you would like to discuss how to make your network a safer place please email firstname.lastname@example.org or call 01256 827555 and ask for a member of the education team.
Somebody tried to sell this to me once. All the buzz words are in there and it makes SLT listen but it's quite easy to prevent much of the misuse using content filters and denying access to services such as 3rd party email (e.g. hotmail).
With most of these, I just tell them straight away that I run Citrix and they soon disappear when they realise they can't run it on our network.
Securus rang me last week quoting me rough prices. I asked the marketing guy what the support costs would be in subsequent years - he didn't know and quoted estimates that didn't add up to the final figure he stated! (Securus does work on Citrix though apparently).
I looked at the home access solution (24 Hour School) that they are offering and realised that it's just webDAV with a "fancy" front end.
It got replicated within a rather short amount of time.
I think it's a shame that schools that have had a network capable of WebDAV and don't think about setting it up and instead outsource to companies like teksys willing to charge extorsionate (however that is spelt) amounts of cash for a solution so simple.
Problem is......we have already had the demo for over a month back in October. We installed it on 25 machines in one IT room.
My own personal opinion was that it's cr*p. We put a few buzz words into an already default library and left it for a month, checking occasionally. It found all sorts of screenshots but most were stupid. A sample word was 'sh*t' but it did a screen shot of every word containing those letters, i.e. Mashita. Also for bullying a racist reason we put 'P*ki' in as a word and it picked up screen shots of Pakistan etc. We told the Head of ICT it was a waste of money (a large amount at that, as well as an annual fee) but he took no notice of us (or should I say the Sys Manager).
IMOHO, I thought the concept of Forensic Software's product was quite good.
However it gets detected by most good AV and spyware as a commercial keylogger and that's really what it is!
You must look at this product in an unbiased manner, it has great potential in certain problem areas however in other schools it would never pay for itself so some may say why bother in the first place.
Where I know it's really good is girls' schools.
They are not normally so equipment destructive but they can be terrifyingly vicious to each other.
This software catches them red handed time and time again.
It intercepts slang usage, excellent for identifying the use of messenger type applications and websites. Close them down in seconds.
Evidence, when action is required you need evidence and lots of it, this product gives you all you could ever need.
Where it's bad, you would probably want to host it on a dedicated box as it could become a massive resource hog.
It has a memory overhead at each client.
False positives, as said elsewhere innocent webpages are often grabbed as a potential offence because "sex" was detected somewhere on the page as in "Essex".
This can make it difficult to separate the bad from the good and you might spend far too long trying to find something you can't fix!
Cost, I believe the prices are down on last year's, but in 2005 they were asking about £25 per seat going down if you had more than 200 seats.
Viglen had this product in the classlink NT4 product under another name, I'm sure.
Lastly, if you installed a keylogger on all of your systems you would probably be in breach of some human rights treaty of some sort, so a highly visible awareness notice needs to be conveyed.
So once again what might be a wonderful and useful tool to some may be construed as an awful waste of time and money to another.
Securus do a similar product but as an appliance, I think.
A sample word was 'sh*t' but it did a screen shot of every word containing those letters, i.e. Mashita. Also for bullying a racist reason we put 'P*ki' in as a word and it picked up screen shots of Pakistan etc.
In all fairness, it DOES make a difference if you select the word as 'embedded' or not... if it IS embedded then you would get the results you have seen. Otherwise it would only list the individual usage of those words.
We've had a SECURUS box here for a while now, and it has been a good deterrent, and also bailed us out of a small number of situations where students have entered 'inappropriate' comments and language on various forums. In those cases, being able to identify the time\date\user has been a real boon. Catching those cases has /significantly/ improved the deterrent value.
As an aside, we've been using Teksys here for a number of years now, and it's almost like you guys are describing a different company... I have had nothing but excellent service from them and would have no hesitation in recommending them to anyone. They have been involved in several different projects here, and all the engineers have been efficient and happy to help with any aspect of the projects (as long as it's been reasonably relevant!).
I have to admit I've been trialing the Securus software for about two weeks and it does pick up an awful lot of false positives, but I would rather have that than no results at all. As you've said, making sure it isn't an embedded word would help cut down these, and another feature in the next release is for the program to only "Allow" programs you've given in a list, unlike the current revision which is a "Deny" programs which as most of you know is a real pain to get on top of! It will also flag up programs people try running (in the new release), which is good! I trialed Forensic Software and this was a very nice program too, but I think Securus may just have a few more useful features. Both don't go overboard and add features just for the sake of it though, so presently both are very nice to use and of course simple to navigate, which is a bonus when trying to sift through all of the information presented to you.
I would also agree it's not for everyone. I have to admit I'm not sure it's needed here presently but time will of course tell!
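The "embedded" versus whole-word matching discussed in the posts above, as an added example that is not part of the thread and is not either product's code. The sample lines are constructed, and the function names and the `embedded` flag are assumptions made for illustration.

```python
import re

# Constructed sample of captured screen text; not output from either product.
CAPTURED = [
    "Train times from Essex to Sussex this weekend",
    "Middlesex County Cricket Club fixtures",
    "chat: send me sex pics",
    "Biology revision: sex-linked inheritance",
]

def compile_term(term, embedded):
    """Build a case-insensitive pattern for one watch-list term.

    embedded=True  -> match the term anywhere, even inside a longer word.
    embedded=False -> match only when the term is not flanked by letters/digits.
    """
    core = re.escape(term)
    if not embedded:
        core = r"(?<![A-Za-z0-9])" + core + r"(?![A-Za-z0-9])"
    return re.compile(core, re.IGNORECASE)

def find_hits(lines, watchlist, embedded):
    """Return (line_no, term, surrounding_word) for every match."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for term in watchlist:
            for m in compile_term(term, embedded).finditer(line):
                # Expand to the whole word so a reviewer sees what triggered.
                start, end = m.start(), m.end()
                while start > 0 and line[start - 1].isalnum():
                    start -= 1
                while end < len(line) and line[end].isalnum():
                    end += 1
                hits.append((line_no, term, line[start:end]))
    return hits

def compare(lines, watchlist):
    """Hits that only the embedded mode produces (candidate false positives)."""
    whole = set(find_hits(lines, watchlist, embedded=False))
    return [h for h in find_hits(lines, watchlist, embedded=True) if h not in whole]

if __name__ == "__main__":
    for hit in find_hits(CAPTURED, ["sex"], embedded=True):
        print("embedded  ", hit)
    for hit in find_hits(CAPTURED, ["sex"], embedded=False):
        print("whole-word", hit)
```

Whole-word mode drops the place-name hits but still flags the biology revision line, so a reviewer needs the surrounding context either way.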
This thread has taken my interest, as I have a background in forensic computing. To label a piece of software "forensic" it must comply with a number of protocols laid down by a number of governing bodies including the law, and the methodology of obtaining the "data" also is subject to specific protocols.
The ability to monitor activity upon a network does not under any circumstances conform to "forensic investigation". In my work I have had to perform forensic investigations and give evidence in court, and justify every action I do. It is a science in itself and it has taken me years to be respected in this field.
Let's have a little question,
"You have been called out to seize a computer that has been used in a crime. You are accompanied by police to the house where upon entry the PC is on and logged on to the internet. Under the ACPO how do you make the PC "safe" for forensic investigation?"
I'll tell you it's a Windows XP Home Edition (depending on the OS depends also what you do).
1. close IE and log off, then shut down
2. go start>shutdown
3. ask the accused to logoff
4. pull the plug
5. go to the internet temp internet history and record activity straight in your notebook.
Graceful logoff & shutdown will modify the state of the (file) system. It might even be set to secure wipe history, page files and the like. And I can't see how you can do *anything* prior to that without altering the state of the system and being open to claims of tampering etc. I suppose it would be a bit of a downer if the owner/user happened to have their plausibly deniable virtual disk open at that point, but..
Anyway what's the answer (why and why not the others)?