
E - Detective Series of Products Presentation (2009)

E - Detective Series of Products Presentation (2009). Decision Group www.edecision4u.com. Presentation Content - Agenda. E-Detective – LAN Interception & Monitoring. Wireless-Detective – WLAN Interception & Monitoring. E-Detective Decoding Centre – Offline Reconstruction.





Presentation Transcript


  1. E-Detective Series of Products Presentation (2009) Decision Group www.edecision4u.com

  2. Presentation Content - Agenda
  • E-Detective – LAN Interception & Monitoring
  • Wireless-Detective – WLAN Interception & Monitoring
  • E-Detective Decoding Centre – Offline Reconstruction
  • HTTPS/SSL Interceptor – Decrypt HTTPS Traffic
  • VoIP-Detective

  3. 1. Introduction to E-Detective
  LAN Internet Monitoring, Data and Record Keeping & Network Content Forensics Analysis Solution
  Solution for:
  • Organization Internet Monitoring/Network Behavior Recording
  • Auditing and Record Keeping for Banking and Finance Industry
  • Forensics Analysis and Investigation
  • Legal and Lawful Interception (LI)
  Compliance Solution for: Sarbanes-Oxley Act (SOX), HIPAA, GLBA, SEC, NASD, E-Discovery etc.
  E-Detective Standard System Models and Series (Appliance based). Users can also opt to purchase a software license only from us and use their own hardware/server. Models: FX-06, FX-30, FX-100, FX-120

  4. E-Detective Architecture
  Capture Packets (using port-mirroring or SPAN port) -> Reassemble & Decode -> Reconstruct Back to Actual Content -> Store/Save/Archive -> Display Reports
  Reconstructed services: Email, Webmail, IM/Chat, HTTP, File Transfer, Telnet

  5. E-Detective Implementation Mode (1) Organization or Corporate Network Deployment

  6. E-Detective Implementation Mode (2) Telco/ISP Lawful Interception

  7. E-Detective Sample Screenshots - Reports Homepage – Top-Down Drill to Details Reporting

  8. E-Detective Internet Protocols Supported
  • Email
  • Webmail
  • HTTP (Link, Content, Reconstruct, Upload/Download)
  • IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
  • File Transfer: FTP, P2P
  • Others: Online Games, Telnet etc.

  9. Sample: Email (POP3, SMTP, IMAP)

  10. Sample: Webmail (Read/Sent) – Y! Mail, Gmail etc. Webmail Type: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail and others

  11. Sample: Instant Messaging -Yahoo, MSN, ICQ etc.

  12. Sample: File Transfer – FTP Upload/Download

  13. Sample: File Transfer – P2P File Sharing. Supports P2P protocols such as BitTorrent, eMule/eDonkey, FastTrack, Gnutella

  14. Sample: HTTP (Link, Content and Reconstruction). The Whois function provides the actual IP address behind the URL link. HTTP web page content can be reconstructed.

  15. Sample: HTTP Upload/Download

  16. Sample: HTTP Video Streaming. Playback of the video file. Video stream (FLV format): YouTube, Google Video, Metacafe.

  17. Sample: Telnet (with Play Back)

  18. Admin: System Access Authority Assignment
  • Authority – Visibility and Operation in Group (with user-defined groups)
  • Authority – Visibility
  • Authority – Operation
  • Authority Groups with Users

  19. Export & Backup – Auto (by FTP) and Manual
  • Auto (with FTP) Backup
  • Manual Backup: Download ISO or burn to CD/DVD
  • Reserved Raw Data Files and Backup of Reconstructed Data
  • Comes with Hashed Export Function

  20. Alert and Notification – Alert with Content. Alerts are configured per service category and by parameters such as keyword, account, IP etc. Alerts can be sent to the Administrator by Email or by SMS if an SMS Gateway is available. A throughput alert function is also available!

  21. Search – Free Text, Condition, Association
  Complete Search: Free Text Search, Conditional Search, Similar Search and Association Search
  • Conditional Search
  • Free Text Search
  • Association Search

  22. File Checksum (Hash) – Check File Content Integrity. Shows the file list; the user can import files to check and compare against the files that have been captured by the system, comparing file content integrity. An abuser might have changed the file name before sending the file out to a competitor.
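The two hashing features above (the hashed export in slide 19 and the file checksum comparison in slide 22) both reduce to content hashing; the following added example, which is not code from the presentation or from the vendor, shows how a content hash catches a renamed copy of a sensitive file and how a hash manifest detects later modification of exported data. The file names and contents are constructed sample data.

```python
import hashlib

# Constructed sample data: files captured off the network, and reference files
# an investigator imports for comparison (names and contents are made up).
CAPTURED_FILES = {
    "quarterly_notes.txt": b"Q3 revenue projections: confidential\n",
    "holiday_pics.zip": b"PK\x03\x04 fake archive bytes for the example",
    "readme.txt": b"nothing to see here\n",
}
REFERENCE_FILES = {
    "board_report_draft.docx": b"Q3 revenue projections: confidential\n",
    "product_roadmap.pdf": b"roadmap v2 (not present in the capture)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files):
    """Map each file name to the SHA-256 of its content (a 'hashed export')."""
    return {name: sha256_hex(content) for name, content in files.items()}


def match_by_content(reference, captured):
    """Return {reference_name: [captured names with byte-identical content]}.

    Only the content hash is compared, so a copy that was renamed before it
    left the network is still matched to the reference file.
    """
    index = {}
    for name, content in captured.items():
        index.setdefault(sha256_hex(content), []).append(name)
    return {name: index.get(sha256_hex(content), [])
            for name, content in reference.items()}


def verify_manifest(manifest, files):
    """Return names whose current content (or absence) no longer matches the manifest."""
    return sorted(name for name, digest in manifest.items()
                  if sha256_hex(files.get(name, b"")) != digest)
```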

  23. Bookmark (for Review Next Time) Bookmark items and allow the review of the items. Bookmark items can also be exported.

  24. Reporting – Network Service Usage - Daily Drill Down Reporting Capabilities

  25. Reporting – Network Service Usage - Weekly Drill Down Reporting Capabilities

  26. Reporting – Top Websites Viewed (Users)

  27. Reporting – Daily Excel Log Report. Manually or automatically generate the daily log report in Excel file format.

  28. 2. Introduction to Wireless-Detective System
  Wireless-Detective System: WLAN Analytics/Forensics/Legal and Lawful Interception System
  • Scans all WLAN 802.11a/b/g/n 2.4 and 5.0 GHz channels for AP and STA.
  • Captures/sniffs WLAN 802.11a/b/g/n packets.
  • Real-time decryption of WEP key (WPA Optional Module)
  • Real-time decoding and reconstruction of WLAN packets
  • Stores data in raw and reconstructed content
  • Displays reconstructed content in Web GUI
  • Hashed export and backup
  The Smallest, Mobile, Portable and most Complete WLAN Lawful Interception System in the World! All in One System! Important tool for Intelligence Agencies such as Police, Military, Forensics, Legal and Lawful Interception Agencies.
  Notes: Pictures and logos are property of the designated source or manufacturer.

  29. Wireless-Detective – Implementation (1): Wireless-Detective Standalone System. Captures WLAN packets transmitted over the air at ranges up to 100 meters or more (using an enhanced system with a High Gain Antenna). WLAN Lawful Interception – Standalone Architecture. Wireless-Detective Deployment: captures a single channel, a single AP or a single STA.

  30. Wireless-Detective – Implementation (2): Wireless-Detective Extreme Implementation. Utilizes multiple/distributed Wireless-Detective systems (Master – Slave) to conduct simultaneous capture, forbidding and location estimation functions. WLAN Lawful Interception – Distributed Architecture. Wireless-Detective Deployment: utilizes a minimum of 2 systems (Master & Slaves) for simultaneous capturing/forbidding functions; captures a single channel, a single AP or a single STA.
  Notes: For capturing multiple channels, each Wireless-Detective (WD) can be reconfigured to act as a standalone system. For example: deploy 4 WD systems, each capturing on one single channel.

  31. AP & STA Information – Capture Mode. Displays information on wireless devices (AP) in the surrounding area. Obtainable information: MAC of Wireless AP/Router, Channel, Mbps, Key, Signal Strength, Beacons, Packets, SSID, Number of Stations Connected.

  32. Cracking/Decryption of WEP and WPA Key
  WEP Key Cracking/Decryption can be done by the Wireless-Detective System! Auto Cracking (System Default) or Manual Cracking
  • 1) WEP Key Cracking/Decryption (64, 128, 256 bit key)
  • Active Crack – by utilizing ARP packet injection (possibly 5-20 minutes)
  • Passive Crack – silently collect Wireless LAN packets
  • 64-bit key – 10 HEX (100-300MB raw data / 100K-300K IVs collected)
  • 128-bit key – 26 HEX (150-500MB raw data / 150K-500K IVs collected)
  • 2) WPA-PSK Key Cracking/Decryption (Optional Module Available)
  • WPA-PSK cracking is an optional module. By using an external server with Smart Password List and GPU Acceleration Technology, the WPA-PSK key can be recovered/cracked.
  Notes:
  • The time taken to decrypt the WEP key in passive mode depends on the amount of network activity.
  • The time to crack a WPA-PSK key depends on the length and complexity of the key. Besides, it is compulsory to have the WPA-PSK handshake packets captured.

  33. Cracking/Decryption of WEP Key
  • Automatic: System auto cracks/decrypts the WEP key (default)
  • Manual: Capture raw data and crack/decrypt the WEP key manually
  Automatic Cracking – Key Obtained

  34. Wireless-Detective – Internet Protocols Supported
  • Email
  • Webmail
  • HTTP (Link, Content, Reconstruct, Upload/Download)
  • IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
  • File Transfer: FTP, P2P
  • Others: Online Games, Telnet etc.

  35. Wireless-Detective – Unique Advantages/Benefits
  • Smallest, portable, mobile and lightweight WLAN legal interception system. This allows easy tracking and capturing of a suspect's Internet activities, especially when the suspect moves from one place to another. The suspect won't notice the WD's existence as it looks like a normal laptop.
  • Detects unauthorized WLAN access/intruders (IDS).
  • Provides detailed information on APs, Wireless Routers and Wireless Stations (such as channel, Mbps, security (encryption), IP, signal strength, manufacturer, MAC).
  • Provides capturing of WLAN packets from a single channel, AP, STA or multiple channels by deploying distributed/multiple systems. That also means flexibility and scalability of the deployment solution.
  • Provides decryption of the wireless key, WEP key (WPA cracking is an optional module).
  • Provides decoding and reconstruction of different Internet services/protocols on the fly; reconstructed data is displayed in its original content format on the local system Web GUI.
  • Supports reserving of raw data captured (for further analysis if required) and archiving of reconstructed data with hashed export functions.
  • Supports condition/parameter search and free text search.
  • Supports alert by condition/parameter.
  • Provides Wireless forbidding/jamming function.
  • Provides Wireless Equipment Locator function.
  • The All-in-One Mobile WLAN Interception System

  36. 3. Introduction to EDDC System
  • EDDC is a tool specially designed for offline reconstruction and analysis of Internet raw data files (PCAP format).
  • It allows the Administrator to create and manage users and cases easily with user management and case management functions. Different authority and accessibility can be created for different users.
  • The system is able to reconstruct Internet applications/services like Email (POP3, SMTP, IMAP), Webmail (Yahoo Mail, Gmail, Hotmail etc.), IM (Yahoo, MSN, ICQ, QQ, UT, IRC, Google Talk, Skype Voice Call Log), File Transfer (FTP, P2P), HTTP (Link, Content, Reconstruct, Upload/Download, Video Stream), Telnet, Online Games, VoIP (Yahoo), Webcam (Yahoo, MSN).
  User and Case Management – Raw Data Decoding and Reconstruction – Data Search – Data Export and Backup – Online Raw Data Reserving

  37. EDDC Implementation Diagram. Offline Raw Data Decoding and Reconstruction system; comes with User and Case Management functions. Diagram: raw data collected and imported for Case 1 is handled by Investigator 1 and yields the Case 1 results; raw data collected and imported for Case 2 is handled by Investigator 2 and yields the Case 2 results.

  38. EDDC – Internet Protocols Supported
  • Email
  • Webmail
  • HTTP (Link, Content, Reconstruct, Upload/Download)
  • IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
  • File Transfer: FTP, P2P
  • Others: Online Games, Telnet etc.

  39. 4. Introduction to HTTPS/SSL Interceptor
  • Decrypts HTTPS/SSL web page traffic, then decodes and reconstructs the traffic.
  • 2 Modes of Operation or Implementation:
  • 1. Man in the Middle Attack (MITM)
  • 2. Proxy Mode Implementation (in New Version)
  • 3. Offline Method (decrypting HTTPS raw data with the private key available)
  • Login usernames and passwords can be captured. For example, Google/Gmail login, Hotmail login, Yahoo Mail login, Amazon login username/password etc. can be obtained. To view encrypted content, a key is needed.

  40. 5. Introduction to VoIP-Detective System
  • Capable of capturing, decoding and reconstructing VoIP RTP sessions.
  • Supports SIP and H.323.
  • Supported CODECs: G.711 a-law, G.711 u-law, G.729, G.723, G.726 and iLBC.
  • Capable of playing back VoIP sessions.

  41. VoIP-Detective System Implementation

  42. Sample: Reconstructed VoIP Calls with Playback. Fields: Date/Time, Account, Caller No, Called No, Mode, Type, CODEC, File Name and Time/Duration. Playback of the reconstructed VoIP audio file using Media Player.

  43. References – Implementation Sites and Customers
  • Criminal Investigation Bureau
  • The Bureau of Investigation, Ministry of Justice
  • National Security Agency (Bureau) in various countries
  • Intelligence Agency in various countries
  • Ministry of Defense in various countries
  • Counter/Anti Terrorism Department
  • National Police, Royal Police in various countries
  • Government Ministries in various countries
  • Federal Investigation Bureau in various countries
  • Telco/Internet Service Provider in various countries
  • Banking and Finance organizations in various countries
  • Others
  Notes: Due to the confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.

  44. Thank You! E-Detective Online Demo: https://60.251.127.208 (root/000000). Presented by Frankie Chan, Decision Computer Group, frankie@decision.com.tw, www.edecision4u.com
