Difference between pages "Cell phones" and "Network forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(Open Source Network Forensics)
 
Line 1: Line 1:
'''Cell phones''' or '''mobile phones''' are an important target for [[forensic investigator]]s.
+
'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.
  
== Technologies ==
+
There are both open source and proprietary network forensics systems available.
+
* [[CDMA]]
+
* [[TDMA]]
+
* [[GSM]]
+
* [[iDEN]]
+
* [[EDGE]]
+
* [[GPRS]]
+
* [[UMTS]]
+
  
== Hardware ==
+
== Open Source Network Forensics ==
  
* [[RIM BlackBerry]]
+
* [[Snort]]
* [[T-Mobile Sidekick  ]]
+
* [[OSSEC]]
* [[SIM Cards]]
+
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...].
  
== Operating Systems ==
+
== Commercial Network Forensics ==
 +
===Deep-Analysis Systems===
 +
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Simple to us Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
 +
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
 +
* Network Instruments [http://www.networkinstruments.com/]
 +
* NIKSUN's [[NetDetector]]
 +
* PacketMotion [http://www.packetmotion.com/]
 +
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
  
* [[Microsoft PocketPC]]
+
===Flow-Based Systems===
* [[Microsoft Windows Mobile]]
+
* Arbor Networks
* [[Palm]]
+
* GraniteEdge Networks http://www.graniteedgenetworks.com/
* [[RIM BlackBerry]]
+
* Lancope http://www.lancope.com/
* [[Symbian]]
+
* Mazu Networks http://www.mazunetworks.com/
* [[Linux]]
+
  
== Forensics ==  
+
===Hybrid Systems===
 +
These systems combine flow analysis, deep analysis, and security event monitoring and reporting.
 +
* Q1 Labs  http://www.q1labs.com/
  
'''Procedures'''
+
== Tips and Tricks ==
  
* [[Cell Phone Forensics]]
+
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
* [[SIM Card Forensics]]
+
* [[External Memory Card Forensics]]
+
 
+
== Tools ==
+
 
+
'''Hardware'''
+
* [[ Azimuth RadioProof™ Enclosures]]
+
* [[Radio Frequency (RF) Jammers]]
+
* [[Network Security Solutions Secure Tents]]
+
* [[Network Security Solutions Seizure Bags for Cell Phones/PDAs/Laptops]]
+
* [http://www.paraben-forensics.com/catalog/product_info.php?cPath=26&products_id=343 Paraben Device Seizure Toolbox]
+
* [http://www.paraben-forensics.com/catalog/product_info.php?cPath=26&products_id=372 Paraben Handheld First Responder Kit]
+
* [[Paraben StrongHold Bag]]
+
* [[Paraben StrongHold Tent]]
+
 
+
'''Software'''
+
* [[BitPIM]]
+
* [[DataPilot Secure View]]
+
* [[FloAt's Mobile Agent]]
+
* [[ForensicMobile]]
+
* [[ForensicSIM]]
+
* [[LogiCube CellDEK]]
+
* [[MicroSystemation .XRY]]
+
* [[MOBILedit!]]
+
* [[Oxygen PM II]]
+
* [[Paraben Device Seizure]]
+
* [[Paraben SIM Seizure]]
+
* [[Phone-Forensics.com CLiVE]]
+
* [[Quantaq USIMdetective]]
+
* [[Quantaq USIMcommander]]
+
* [[Quantaq USIMdetective]]
+
* [[Quantaq USIMexplorer]]
+
* [[Quantaq USIMprofiler]]
+
* [[Quantaq USIMregistrar]]
+
* [[SIMCon]]
+
* [[TULP2G]]
+

Revision as of 08:59, 26 May 2008

Network forensics is the process of capturing information that moves over a network and trying to make sense of it in some kind of forensics capacity. A network forensics appliance is a device that automates this process.

There are both open source and proprietary network forensics systems available.

Open Source Network Forensics

Commercial Network Forensics

Deep-Analysis Systems

  • Code Green Networks Content Inspection Appliance - Passive monitoring and mandatory proxy mode. Simple to us Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
  • ManTech International Corporation NetWitness
  • Network Instruments [1]
  • NIKSUN's NetDetector
  • PacketMotion [2]
  • Sandstorm's NetIntercept - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.

Flow-Based Systems

Hybrid Systems

These systems combine flow analysis, deep analysis, and security event monitoring and reporting.

Tips and Tricks

  • The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.