E - Detective Series of Products - PowerPoint PPT Presentation

finola
Presentation Transcript

  1. E-Detective Series of Products Decision Computer Group of Company Website: www.edecision4u.com Email: frankie@decision.com.tw

  2. Agenda • Introduction to E-Detective Series of Products • E-Detective • Wireless-Detective • E-Detective Decoding Center (EDDC/XDDC) • HTTPS/SSL Network Forensics Device • WatchGuard.WLAN • VOIP Interception • Uniqueness of Decision Computer Group • References • Other Offerings

  3. E-Detective (LAN Internet Monitoring/Interception System)

  4. Solution for: • Organization Internet Monitoring/Network Behavior Recording • Auditing and Record Keeping • Forensics Analysis and Investigation • Legal and Lawful Interception (LI) • Others. E-Detective Compliance Solution for: Sarbanes Oxley Act (SOX), HIPAA, GLBA, SEC, NASD, E-Discovery etc. [Figure: E-Detective Architecture/Work Flow] E-Detective Standard System Models and Series: FX-100, FX-120, FX-06, FX-30

  5. E-Detective Implementation Diagram (1) Organization Internet Monitoring and Interception System

  6. E-Detective Implementation Diagram (2) Telco and ISP Internet Lawful Interception (LI) Solution Real-Time/Online Decoding and Reconstruction Offline Decoding and Reconstruction Nationwide Internet Monitoring for Protecting National Security

  7. Decoding and Reconstruction – Protocols Supported • Email: POP3, SMTP, IMAP • Webmail (Read and Sent): Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc. • IM/Chat: Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration • File Transfer – FTP • File Transfer – P2P: BitTorrent, eMule/eDonkey, Gnutella, Fasttrack • HTTP: Link, Content, Reconstruct, Upload/Download, Video Stream • Online Game: Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc. • Telnet/BBS • VOIP: Yahoo Messenger – reconstructed back to GIPS format • Webcam: Yahoo and MSN Messenger

  8. E-Detective – Homepage – Dashboard with Reports

  9. E-Detective – Sample Email – POP3/SMTP/IMAP

  10. E-Detective – Sample Web Mail (Read) Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.

  11. E-Detective – Sample Web Mail (Sent) Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.

  12. E-Detective – Sample IM/Chat – MSN, Yahoo etc.

  13. E-Detective – Sample File Transfer - FTP

  14. E-Detective – Sample File Transfer – P2P. P2P Protocols: BitTorrent, eDonkey/eMule, Fasttrack etc.

  15. E-Detective – Sample HTTP – Link/Content/Reconstruct. Whois function provides the actual URL link IP address. HTTP web page content can be reconstructed.

  16. E-Detective – Sample HTTP Video Stream. Playback of video file. Video Stream (FLV format): YouTube, Google Video, Metacafe.

  17. E-Detective – Sample TELNET Playback of Telnet Session

  18. E-Detective – Authority Assignment. Authority – Visibility and Operation in Group (with User-defined). Authority – Visibility. Authority – Operation. Authority Groups with Users.

  19. E-Detective – Backup – Auto-FTP/Manual. Auto-FTP Backup. Manual Backup: Download ISO or burn to CD/DVD. Reserved Raw Data Files and Backup Reconstructed Data. Comes with Hashed Export Function.

  20. E-Detective – Online IP List with IP/Account Report

  21. E-Detective – Alert – Alert with Content. Alerts can be configured from different service categories and different parameters such as keyword, account, IP etc. Alerts can be sent to the Administrator by Email, or by SMS if an SMS Gateway is available.

  22. E-Detective – Search. Search – Free Text Search, Conditional Search, Similar Search and Association Search.

  23. Wireless-Detective (WLAN/802.11a/b/g Interception System)

  24. Wireless-Detective – Introduction. Wireless-Detective System: WLAN Analytics/Forensics/Legal Interception System • Scans all WLAN 802.11a/b/g 2.4 and 5.0 GHz channels for AP and STA • Captures/sniffs WLAN 802.11a/b/g packets • Decrypts WEP key (WPA Optional Module) • Decodes and reconstructs WLAN packets • Stores data in raw and reconstructed content • Displays reconstructed content in Web GUI • Hashed export and archive. Smallest and most complete WLAN Interception System in the World! All in One System! Important tool for Intelligence Agencies such as Police, Military, Forensics, Legal and Lawful Interception Agencies.

  25. Wireless-Detective – Implementation Diagram (1) Wireless-Detective Standalone System - Captures WLAN packets transmitted over the air ranging up to 100 meters or more (by using Enhanced System with High Gain Antenna) WLAN Interception Standalone Architecture Deployment (Capture a single channel, a single AP or a single STA)

  26. Wireless-Detective – Implementation Diagram (2) Wireless-Detective Extreme System – Utilizing multiple/distributed Wireless-Detective systems (Master – Slave) to conduct simultaneous capture, forbidding and location estimation functions. WLAN Interception Distributed Architecture Deployment (Utilizing a minimum of 2 systems (Master & Slaves) for simultaneous capturing/forbidding functions. Capture a single channel, a single AP or a single STA). Note: For capturing multiple channels, each Wireless-Detective (WD) can be reconfigured to act as a standalone system. For example, deploy 4 WD systems with each capturing on one single channel.

  27. Wireless-Detective – Implementation Diagram (3) Wireless-Detective Standalone Systems – Multiple Channels Capturing. Utilizing more than 1 Wireless-Detective to capture different channels. WLAN Interception Standalone – Multiple Channels Capturing: a single WD for single channel capturing, multiple WD for multiple channel capturing. Note: The advantage of having multiple WD systems is the flexibility to deploy a distributed architecture (for capturing a single channel/target) or to split them into standalone systems for multiple channels capturing.

  28. Wireless-Detective – AP/STA Information – Capture Mode. Displaying information of Wireless devices (AP/STA) in surrounding area.

  29. Wireless-Detective – AP/STA Information – Forbidder Mode. Displaying information of Wireless devices (AP/STA) in surrounding area.

  30. Wireless-Detective – Forbidder Mode Implementation • WLAN Jammer/Forbidder Implementation • Forbid connectivity of STA • Forbid connectivity of AP

  31. Cracking/Decryption of WEP/WPA Key (1) WEP Key Cracking/Decryption can be done by Wireless-Detective System! Auto Cracking (system default) or Manual Cracking. 1) WEP Key Cracking/Decryption (64, 128, 256 bit key): Proactive Crack and Passive Crack. Proactive/Active Crack – by utilizing ARP Injection. Passive Crack – silently collecting Wireless LAN packets. 64-bit key – 10 HEX (100-300MB raw data/100K-300K IVs collected). 128-bit key – 26 HEX (150-500MB raw data/150K-500K IVs collected). 2) WPA Key Cracking/Decryption (Optional Module Available): WPA-PSK cracking is an optional module. By using an external server with Smart Password List and GPU acceleration technology, the WPA-PSK key can be recovered/cracked. Notes: The time taken to decrypt the WEP key in passive mode depends on the amount of network activity. The time to crack the WPA-PSK key depends on the length and complexity of the key. In addition, the WPA-PSK handshake packets must be captured.

  32. Cracking/Decryption of WEP Key (2) Automatic: System auto crack/decrypt WEP key (default). Manual: Capture raw data and crack/decrypt WEP key manually. Cracking Manually

  33. Cracking/Decryption of WEP Key (3) WEP Key Cracked!

  34. Wireless-Detective – WPA Cracking Solution. WPA-PSK Cracking Solution: WPA handshake packets need to be captured for cracking the WPA key. Utilize a Single Server or Distributed Servers (multiple smart password list attacks simultaneously) to crack the WPA key. Acceleration technology: GPU Acceleration. Note: WPA handshake packets can be captured by a Standalone Wireless-Detective system or Distributed Wireless-Detective systems.

  35. Cracking/Decryption of WPA-PSK Key WPA/WPA2-PSK cracking module is optional (dedicated server). Application: Utilizing Smart Password List attack and GPU technology (Graphic Cards) to recover or crack the WPA/WPA2-PSK Key. Supported WPA: WPA-PSK (TKIP) and WPA2-PSK (AES). Speed: up to 30 times faster than normal CPU. GPU supported: NVIDIA and ATI

  36. Decoding and Reconstruction – Protocols Supported • Email: POP3, SMTP, IMAP • Webmail (Read and Sent): Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc. • IM/Chat: Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration • File Transfer – FTP • File Transfer – P2P: BitTorrent, eMule/eDonkey, Gnutella, Fasttrack • HTTP: Link, Content, Reconstruct, Upload/Download, Video Stream • Online Game: Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc. • Telnet/BBS • VOIP: Yahoo Messenger – reconstructed back to GIPS format • Webcam: Yahoo and MSN Messenger

  37. Wireless-Detective GUI – Sample Email – POP3 Date/Time, From, To, CC, Subject, Account, Password

  38. Wireless-Detective GUI – Sample Web Mail (Read) Date/Time, Content, Web Mail Type

  39. Wireless-Detective – Sample Web Mail (Sent) Date/Time, From, To, CC, BCC, Subject, Webmail Type

  40. Wireless-Detective – Sample IM/Chat – MSN Date/Time, User Handle, Participant, Conversation, Count

  41. Wireless-Detective – Sample IM/Chat – Yahoo Date/Time, Screen Name, Participant, Conversation, Count Including VOIP and Webcam sessions reconstruction and playback

  42. Wireless-Detective – Sample File Transfer - FTP Date/Time, Account, Password, Action, FTP Server IP, File Name

  43. Wireless-Detective – Sample Peer to Peer – P2P Date/Time, Port, Peer Port, Tool, File Name, Action, Hash

  44. Wireless-Detective – Sample Telnet Date/Time, Account, Password, Server IP, File Name Playback of TELNET Session

  45. Wireless-Detective – Sample HTTP – Link/Content/Reconstruct Date/Time, URL Reconstructed Web Pages

  46. Wireless-Detective – Sample HTTP – Upload/Download Date/Time, Action, File Name, HTTP Download/Upload URL, Size

  47. Wireless-Detective – Sample Online Games Date/Time, MAC Address, Port, Peer Port, Game Name

  48. Wireless-Detective – Search – Conditional/Free Text Search by Parameters/Conditions Free Text Search

  49. Wireless-Detective – Alert and Notification by Condition. Alert Administrator by Parameters/Conditions

  50. Wireless-Detective – Wireless Equipment Locator. Utilizes Wireless Sensors and Triangulation Training Methods to estimate the location of the targeted Wireless Devices. 1 WD Master system + min. 3 WD Slave systems (sensors). (Note: WatchGuard.WLAN can be used in place of WD slave systems for this Wireless Equipment Locator function.)