Sunday, January 10, 2010

Network Investigation Toolkit (NIT)

Most network monitoring tools cannot provide all the information that network administrators, IT managers, security professionals, auditors, software developers, analysts and forensics investigators need. The only way to know completely and with certainty how your network is being used is to capture the data packets and analyze them in detail. Network consultants know the value of this information, even when it comes at a high manpower cost. They run a packet sniffer like Wireshark or tcpdump to capture raw network traffic into disk files, and then inspect the data with programs like strings. This yields only a brief and confusing glimpse into the traffic data, and it is manually intensive and massively time-consuming.

NIT (Network Investigation Toolkit) is an integrated network monitoring and forensics analysis system developed by Decision Group. NIT is delivered as a complete system with hardware (an IBM X200 laptop and a 3.5G/HSDPA USB adapter for remote access by the user) and software pre-installed, ready to be placed in a machine room, a NOC or any field deployment. To use NIT, an IT manager or forensics investigator simply connects the system to the mirror port of the switch at the Internet gateway, or runs it as a standalone system in a wireless environment, for real-time capture and reconstruction of data. The operation is quite similar to that of an Intrusion Detection System (IDS), but NIT goes further than an IDS by reconstructing the captured raw data into its original content format in real time. Apart from both wired and wireless functionality, NIT also includes integrated HTTPS/SSL MITM interception on both LAN and WLAN networks, as well as offline analysis and reconstruction of pre-captured raw data files.

NIT is specially designed for law enforcement agencies, police and military intelligence, criminal investigation agencies, national security agencies, cyber security agencies, counter-terrorism departments, forensics investigators etc. to conduct network-based forensics investigation, be it on wired or wireless LAN networks.

For more information, please visit our website at www.ed-system.sg.

Friday, August 14, 2009

Wireless-Detective - WLAN Lawful Interception and Real-Time Reconstruction System

Decision Group’s Wireless-Detective is a complete and comprehensive Wireless LAN (WLAN) lawful interception and forensics investigation solution for intelligence-related units/agencies such as police, military, criminal investigation departments, national security departments etc. In fact, it is the most reliable solution to trace and identify all illegal Wireless LAN Internet activities or transactions and preserve all of this evidence.

Wireless-Detective is the smallest and lightest WLAN forensics investigation tool available. It consists of a small laptop (12.1-inch screen) running a Linux-based OS with the Wireless-Detective software installed. Thanks to that small size (mobility), a forensics professional can easily carry it to any place (such as a restaurant, shopping mall, airport, café, hotspot etc.) for lawful interception and forensics investigation tasks without the public noticing and, most importantly, without the suspect/target knowing about it. With the capability to scan all WLAN channels (802.11a/b/g, 2.4 GHz and 5 GHz frequency bands) to capture/sniff WLAN traffic from available Wi-Fi networks, decrypt WEP-encrypted wireless networks (WPA-PSK optional module) automatically or manually, decode and reconstruct the captured WLAN raw data, store both the captured raw data and the reconstructed data in its database, and display them in their original and exact content format, it is the most complete (All-in-One) WLAN interception and forensics investigation tool. Furthermore, the Wireless-Detective user management interface or GUI (accessed through a browser) is very user friendly and easy to operate and manage.

Wireless-Detective is capable of decoding and reconstructing WLAN Internet traffic in real time, such as Email (POP3, SMTP, IMAP), Webmail (Gmail, Yahoo Mail, Windows Live Hotmail etc.), Instant Messaging/Chat (MSN/Windows Live Messenger, Yahoo Messenger, IRC, ICQ, QQ, UT Chat Room, Google Talk Gmail, Skype Voice Log), FTP, P2P, Online Games, TELNET, HTTP (URL Link, Content, Reconstruct, Download/Upload, Video Stream) etc. After decoding and reconstructing the captured traffic, it displays it in its menu list according to the different protocol/category types, in exact or original content format. With search by keyword or search by parameter (conditional search), further forensics investigation and analysis can be carried out. This shows that Wireless-Detective is an All-in-One system (all WLAN investigation work is conducted on one machine) that can speed up the entire investigation process.

Due to these advantages of the Wireless-Detective system compared to other available wireless forensics tools, many forensics professionals all over the world have opted for the Wireless-Detective system as their professional tool for lawful interception and investigation. For these users, the mobility (smallest system) of Wireless-Detective together with its complete features/functions, reliability and All-in-One solution have won their hearts and trust in fighting Internet fraud, high-tech crime and terrorism conducted over Wi-Fi networks.

For more information about Wireless-Detective, please visit our website at www.ed-system.sg.

EDDC - Offline Network Packet Reconstruction Tool

E-Detective Decoding Centre (EDDC) is designed as a Linux-based centralized system for offline parsing and reconstruction of Internet raw data files. It can be used to parse (decode and reconstruct) raw data files in PCAP format collected from different sources. Internet raw data (Internet packet) files can be collected from an Ethernet/LAN network or a WLAN network with different packet capturing or sniffing tools such as Ethereal, Wireshark, tcpdump, WinDump etc.
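As an added example (not Decision Group's code, nor any product's own parser), here is a minimal Python reading of the PCAP format that EDDC ingests, together with the reconstruction step that the NIT post above contrasts with running strings over a capture: a constructed two-segment HTTP request, recorded out of order, is parsed and reassembled per TCP flow by sequence number. The helper names, addresses and payloads are assumptions made for this example; checksums are left at zero and only the classic little-endian pcap format is handled.

```python
import struct
from collections import defaultdict

def tcp_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame (constructed data; checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst/src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Classic pcap: 24-byte global header (LINKTYPE_ETHERNET) then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1262000000 + i, 0, len(f), len(f)) + f
    return out

def reassemble_tcp(pcap):
    """Return {(src, sport, dst, dport): payload} with segments ordered by sequence number."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    flows = defaultdict(dict)
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<IIII", pcap[off:off + 16])[2]
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if pkt[12:14] != b"\x08\x00":                       # not IPv4
            continue
        ip = pkt[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:                                      # not TCP
            continue
        tcp = ip[ihl:total_len]                             # drop any Ethernet padding
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            key = (".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport)
            flows[key][seq] = payload                       # a retransmitted seq just overwrites
    return {k: b"".join(segs[s] for s in sorted(segs)) for k, segs in flows.items()}

# Constructed capture: one HTTP request split over two segments, recorded out of order,
# so a `strings` pass shows two fragments while reassembly yields the original request.
SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", "198.51.100.7", 40000, 80, 1001, b"Host: example.com\r\n\r\n"),
    tcp_frame("10.0.0.5", "198.51.100.7", 40000, 80, 985, b"GET / HTTP/1.1\r\n"),
])
```

Calling `reassemble_tcp(SAMPLE_PCAP)` returns a single flow whose payload is the complete request; the same function can be pointed at a real capture by reading the file into `bytes` first.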

EDDC comes with specifically designed features that allow different forensics investigators to identify project- or case-specific offline Internet raw data files for decoding and reconstruction on one system. It allows the administrator to create different user accounts and different investigation cases for the various users, forensics professionals or investigators. The administrator has the flexibility to assign different rights and access levels to different users in order to manage access to the reconstructed data of different cases. The users can then import the Internet raw data files they have collected from different sources into the system to carry out the parsing and analysis process.

EDDC allows Internet Content Forensics tasks to be carried out easily and systematically in order to obtain the variety of information and evidence needed from the collected Internet raw data files. EDDC also aims to assist Police Intelligence Services, Military Intelligence Organizations, Intelligence Bureaus, National Security Agencies, Government Intelligence Agencies and all forensics-related agencies in conducting Internet Content Forensics that enhances their investigative effort.

For more information, please visit our website at www.ed-system.sg.

E-Detective - LAN Real-Time Internet Lawful Interception and Reconstruction Tool

E-Detective is a real-time Internet interception, monitoring and forensics system that captures, decodes and reconstructs various types of Internet traffic. It is commonly used for organizational Internet and behavioral monitoring, auditing, record keeping, forensics analysis and investigation, as well as lawful interception by law enforcement agencies such as Police Intelligence, Military Intelligence, Cyber Security Departments, National Security Agencies, Criminal Investigation Agencies, Counter Terrorism Agencies etc. It also provides compliance solutions for many standards and acts such as the Sarbanes-Oxley Act (SOX), HIPAA, GLBA, SEC, NASD, E-Discovery and many others.

E-Detective is capable of decoding, reassembling and reconstructing various Internet applications and services such as Email (POP3, IMAP and SMTP), Webmail (Yahoo Mail, Windows Live Hotmail, Gmail etc.), Instant Messaging (Yahoo, MSN, ICQ, QQ, Google Talk, IRC, UT Chat Room, Skype), File Transfer (FTP, P2P), Online Games, Telnet, HTTP (Link, Content, Reconstruct, Upload and Download, Video Streaming), VoIP (optional module) etc.

E-Detective comes with a wide variety of management and administrative functions and features. It provides various types of report with a top-down view. Reports that can be created include the Total Throughput Statistical Report, Network Service Report (daily or weekly basis), Top Websites etc. All statistics can be displayed on a per IP address or per user account basis.

E-Detective also provides a variety of search functions: Free Text Search (search by keywords with Boolean support), Conditional Search, Similar Search and Association with Relationship Search. It also comes with Alert and Notification functions (Throughput, Conditional and Keyword Alert) that allow the network administrator to set up different alert rules and parameters. An alert is then triggered (an email is sent to the administrator) once the specified content is found in the captured and reconstructed content.

The backup function allows the user to back up the captured raw data files or reconstructed contents. The user can set up automatic backup of these files to an external drive (NAS or SAN) via FTP upload. Alternatively, the user can back these files up manually by burning them to CD/DVD or downloading them to a local hard drive/PC.

Other functions available include Bookmark, Capture File List (comparing the content of two files), Online IP List, Authority Assignment, Syslog Server etc.

Other functions include hashed export (backup), file content comparison etc.

For more information, please visit our website at www.ed-system.sg.


E-Detective System Implementation (diagrams):
Mirror Mode Implementation
Bridge Mode Implementation

Thursday, August 13, 2009

Wireshark for Network Packet Analysis


Wireshark is a free packet sniffer and analyzer tool. It is commonly used for network troubleshooting, analysis, software and communications protocol development, and education. It was previously known as Ethereal.

Wireshark is very similar to tcpdump, but it has a GUI and many more options for sorting and filtering information. It gives the user the capability to analyze network packets of various protocols in detail.

Example 1: HTTP Client Web Access Packet Analysis Using Wireshark

Example 2: SMTP Email Access Packet Analysis Using Wireshark


For a complete understanding of Wireshark and other network packet analyzer and reconstruction tools, you may consider attending the Network Packet Forensics Analysis Training Course conducted by Decision Group.

Wednesday, August 12, 2009

Network Forensics Analysis and Reconstruction Tools

I have come across and used some of the network forensics analysis tools and systems. I will just list some of the common tools that network administrators, forensics analysts and investigators normally use. Of course, some are open source and some are paid licensed tools.

Network Packet Sniffer and Analyzer:
Wireshark (the most commonly used packet analyzer tool on Linux and Windows)
tcpdump/WinDump (another common tool, for Linux and Windows)
Kismet
EtterCap
PacketMon
Colasoft Capsa
CommView
WildPackets OmniPeek
KisMac

Network Packet Reconstruction Tool:
E-Detective (Real-Time LAN interception and reconstruction system)
EDDC (Offline raw data packets reconstruction system)
Wireless-Detective (Real-Time WLAN interception and reconstruction system)
VoIP-Detective (Voice over IP interception and reconstruction system)
Network Miner
Niksun NetDetector
NetWitness
Xplico

In coming write-ups, I will write more about all the above tools and some of their applications. Stay tuned!

Network Forensics Blog is Born!

Great! It is a wonderful night and this is a new blog that I have created. As my interest is in Digital Forensics (more precisely, Network Forensics), I decided to create this blog to share my ideas and knowledge with all of you.

What is Network Forensics?
Network Forensics involves collecting network packets from wired or wireless networks, analysing them, recovering the information in the packets back to its original content format, and reporting it in a presentable and forensically sound manner for a court of law. The network packets collected may contain different service categories such as Email, Webmail, Instant Messaging, File Transfer (FTP, P2P sharing), HTTP web browsing, Telnet etc.

Stay tuned! More to come!