The Technician is in charge of infection rules to retrieve important information. Some typical procedures are described below with references to significant chapters. These are only simple indications. Skill and ability are essential to exploit RCS flexibility and adapt it to investigation needs.
Network Injector must be used for injections on HTTP connections:
Step | Action |
---|---|
1 | In the System, Network Injector section, create identification and injection rules for Network Injector Appliance and Tactical Network Injector. See "Managing the Network Injector". NOTE: no agent installation is required. |
2 | When using Network Injector Appliance, the system applies the identification rules to data traffic. Once target devices are found, they are infected with the injection rules. Alternatively, target devices can be automatically or manually identified and infected using Tactical Network Injector. |
To infect a computer not connected to the Internet
Step | Action |
---|---|
1 | Create a factory by disabling synchronization at the operation level, see "Operation page". Alternatively, create a factory at the target level, always without synchronization, see "Target page". |
2 | Compile the factory selecting the installation vector suited to the device platform and installation method, then create the agent. |
3 | Install the agent on the target device with the selected methods. |
4 | After the required amount of time, retrieve evidence produced on the target device. |
5 | Import agent evidence and analyze it. |
To infect a computer connected to the Internet
Tip: these steps are essential when you do not initially know which target activities to record, or when you want to avoid recording an excessive amount of data.
Step | Action |
---|---|
1 | Create a factory: the system automatically enables synchronization. |
2 | Compile the factory selecting the installation vector suited to the device platform and installation method, then create the agent. |
3 | Install the agent on the target device with the selected methods. |
4 | The agent appears in the target page at first synchronization. |
5 | Reset the agent using the basic or advanced configuration. The agent applies the new configuration at the next synchronization. |
HackingTeam cyclically updates its software. To update installed agents:
Step | Action |
---|---|
1 |
or
|
RCS9.5 | User manual | © COPYRIGHT 2014