E-Detective Series of Products Decision Computer Group of Company Website: www.edecision4u.com Email: email@example.com;
Agenda • Introduction to E-DetectiveSeries of Products • E-Detective • Wireless-Detective • E-DetectiveDecoding Center (EDDC/XDDC) • HTTPS/SSL Network Forensics Device • WatchGuard.WLAN • VOIP Interception • Uniqueness of Decision Computer Group • References • Others Offering
E-Detective (LAN Internet Monitoring/Interception System)
Solution for: • Organization Internet Monitoring/Network Behavior Recording • Auditing and Record Keeping, • Forensics Analysis and Investigation, • Legal and Lawful Interception (LI) • Others E-Detective Compliance Solution for: Sarbanes Oxley Act (SOX) HIPAA, GLBA, SEC, NASD, E-Discovery etc. E-Detective Architecture/Work Flow 010101010 10010101010 E-Detective Standard System Models and Series FX-100 FX-120 FX-06 FX-30
E-Detective Implementation Diagram (1) Organization Internet Monitoring and Interception System
E-Detective Implementation Diagram (2) Telco and ISP Internet Lawful Interception (LI) Solution Real-Time/Online Decoding and Reconstruction Offline Decoding and Reconstruction Nationwide Internet Monitoring for Protecting National Security
Decoding and Reconstruction – Protocols Supported • Email POP3, SMTP, IMAP • Webmail (Read and Sent) Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc. 3. IM/Chat Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration • File Transfer– FTP • File Transfer – P2P Bittorent, eMule/eDonkey, Gnutella, Fasttrack 5. HTTP Link, Content, Reconstruct, Upload/Download, Video Stream • Online Game Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc. • Telnet/BBS • VOIP Yahoo Messenger – reconstructed back to GIPS format • Webcam Yahoo and MSN Messenger
E-Detective – Sample Web Mail (Read) Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
E-Detective – Sample Web Mail (Sent) Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
E-Detective – Sample File Transfer – P2P P2P Protocols: Bittorent, eDonkey/eMule, Fasttrack etc.
E-Detective – Sample HTTP – Link/Content/Reconstruct Whois function provides you the actual URL Link IP Address HTTP Web Page content can be reconstructed
E-Detective – Sample HTTP Video Stream Playback of Video File Video Stream (FLV format): Youtube, Google Video, Metacafe.
E-Detective – Sample TELNET Playback of Telnet Session
E-Detective– Authority Assignment Authority – Visibility and Operation in Group(with Userdefined) Authority - Visibility Authority - Operation Authority Groups with Users
E-Detective– Backup – Auto-FTP/Manual Auto-FTP Backup Manual Backup Download ISO or Burn in to CD/DVD Reserved Raw Data Files and Backup Reconstructed Data Comes with Hashed Export Function
E-Detective– Alert – Alert with Content Alert configured from different service categories and different parameters such as key word, account, IP etc. Alert can be sent to Administrator by Email or SMS if SMS Gateway is available.
E-Detective– Search Search – Free Text Search, Conditional Search, Similar Search and Association Search Conditional Search Free Text Search Association Search
Wireless-Detective (WLAN/802.11a/b/g Interception System)
Wireless-Detective - Introduction Wireless-Detective System WLAN Analytics/Forensics/Legal Interception System • Scan all WLAN 802.11a/b/g 2.4 and 5.0 GHz channels for AP and STA • Captures/sniffs WLAN 802.11a/b/g packets. • Decrypt WEP key (WPA Optional Module) • Decodes and reconstructs WLAN packets • Stores data in raw and reconstructed content • Displays reconstructed content in Web GUI • Hashed export and archive Smallest and most complete WLAN Interception System in the World! All in One System! Important Toolfor Intelligent Agencies such as Police, Military, Forensics, Legal and Lawful Interception Agencies.
Wireless-Detective – Implementation Diagram (1) Wireless-Detective Standalone System - Captures WLAN packets transmitted over the air ranging up to 100 meters or more (by using Enhanced System with High Gain Antenna) WLAN Interception Standalone Architecture Deployment (Capture a single channel, a single AP or a single STA)
Wireless-Detective – Implementation Diagram (2) Wireless-Detective Extreme System - Utilizing multiple/distributed Wireless-Detective systems (Master – Slave) to conduct simultaneous capture, forbidding and location estimation functions. WLAN Interception Distributed Architecture Deployment (Utilizing min. of 2 systems for simultaneously (Master & Slaves capturing/forbidding functions. Capture a single channel, a single AP or a single STA) Note: For capturing multiple channels, each Wireless-Detective (WD) can reconfigure/act as standalone system. For example deploy 4 WD systems with each capturing on one single channel.
Wireless-Detective – Implementation Diagram (3) Wireless-Detective Standalone Systems Multiple Channels Capturing Utilizing more than 1 Wireless-Detective to capture different channels. WLAN Interception Standalone – Multiple Channels Capturing Single WD for single channel capturing. Multiple WD for multiple channel capturing Note: The advantage to have multiple WD systems is you have the flexibility to deploy distributed architecture (for capturing single channel/target) or you can split it for standalone system deployment for multiple channels capturing.
Wireless-Detective– AP/STA Information – Capture Mode Displaying information of Wireless devices (AP/STA) in surrounding area.
Wireless-Detective– AP/STA Information – Forbidder Mode Displaying information of Wireless devices (AP/STA) in surrounding area.
Wireless-Detective– Forbidder Mode Implementation • WLAN Jammer/Forbidder Implementation • Forbid connectivity of STA • Forbid connectivity of AP
Cracking/Decryption of WEP/WPA Key (1) WEP Key Cracking/Decryption can be done by Wireless-Detective System! Auto Cracking (system default)or Manual Cracking 1) WEP Key Cracking/Decryption:-- (64, 128, 256 bit key) Proactive Crack and Passive Crack Proactive/Active Crack – By utilizing ARP Injection Passive Crack – Silently collecting Wireless LAN packets 64-bit key – 10 HEX (100-300MB raw data/100K-300K IVs collected) 128-bit key – 26 HEX (150-500MB raw data/150K-500K IVs collected) 2) WPA Key Cracking/Decryption:-- (Optional Module Available) WPA-PSK cracking is an optional module. By using external server with Smart Password List and GPU acceleration technology, WPA-PSK key can be recovered/cracked. Notes: The time taken to decrypt the WEP key by passive mode depends on amount network activity. The time to crack WPA-PSK key depends on the length and complexity of the key. Besides, it is compulsory to have the WPA-PSK handshakes packets captured.
Cracking/Decryption of WEP Key (2) Automatic: System auto crack/decrypt WEP key (default)Manual: Capture raw data and crack/decrypt WEP key manually Cracking Manually
Cracking/Decryption of WEP Key (3) WEP Key Cracked!
Wireless-Detective – WPA Cracking Solution WPA-PSK Cracking Solution WPA Handshake packets need to be captured for cracking WPA key. Utilize Single Server or Distributed Servers (multiple smart password list attack simultaneously) to crack WPA key. Acceleration technology: GPU Acceleration Note: WPA handshakes packet can be captured by Standalone Wireless-Detective system or Distributed Wireless-Detective systems.
Cracking/Decryption of WPA-PSK Key WPA/WPA2-PSK cracking module is optional (dedicated server). Application: Utilizing Smart Password List attack and GPU technology (Graphic Cards) to recover or crack the WPA/WPA2-PSK Key. Supported WPA: WPA-PSK (TKIP) and WPA2-PSK (AES). Speed: up to 30 times faster than normal CPU. GPU supported: NVIDIA and ATI
Decoding and Reconstruction – Protocols supported • Email POP3, SMTP, IMAP • Webmail (Read and Sent) Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc. 3. IM/Chat Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration • File Transfer– FTP • File Transfer – P2P Bittorent, eMule/eDonkey, Gnutella, Fasttrack 5. HTTP Link, Content, Reconstruct, Upload/Download, Video Stream • Online Game Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc. • Telnet/BBS • VOIP Yahoo Messenger – reconstructed back to GIPS format • Webcam Yahoo and MSN Messenger
Wireless-Detective GUI – Sample Email – POP3 Date/Time, From, To, CC, Subject, Account, Password
Wireless-Detective GUI – Sample Web Mail (Read) Date/Time, Content, Web Mail Type
Wireless-Detective – Sample Web Mail (Sent) Date/Time, Form, To, CC, BCC, Subject, Webmail Type
Wireless-Detective – Sample IM/Chat – MSN Date/Time, User Handle, Participant, Conversation, Count
Wireless-Detective – Sample IM/Chat – Yahoo Date/Time, Screen Name, Participant, Conversation, Count Including VOIP and Webcam sessions reconstruction and playback
Wireless-Detective – Sample File Transfer - FTP Date/Time, Account, Password, Action, FTP Server IP, File Name
Wireless-Detective – Sample Peer to Peer – P2P Date/Time, Port, Peer Port, Tool, File Name, Action, Hash
Wireless-Detective – Sample Telnet Date/Time, Account, Password, Server IP, File Name Playback of TELNET Session
Wireless-Detective – Sample HTTP – Link/Content/Reconstruct Date/Time, URL Reconstructed Web Pages
Wireless-Detective – Sample HTTP – Upload/Download Date/Time, Action, File Name, HTTP Download/Upload URL, Size
Wireless-Detective – Sample Online Games Date/Time, MAC Address, Port, Peer Port, Game Name
Wireless-Detective – Search – Conditional/Free Text Search by Parameters/Conditions Free Text Search
Wireless-Detective – Alertand Notification by Condition Alert Administrator by Parameters/Conditions
Wireless-Detective – Wireless Equipment Locator Utilizes Wireless Sensors and Triangulation Training Methods to estimate the location of the targeted Wireless Devices. 1 WD Master system + min. 3 WD Slave systems (sensors) Note: WatchGuard.WLAN can be used in place of WD slave systems for this Wireless Equipment Locator function)