Difference between pages "Network forensics" and "Microsoft Office"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Open Source Network Forensics)
 
(External Links)
 
Line 1: Line 1:
'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.
+
{{expand}}
  
There are both open source and proprietary network forensics systems available.  
+
== EventLogs ==
 +
As of Office 2010 related Office Alerts EventLog:
 +
<pre>
 +
C:\Windows\System32\winevt\Logs\OAlerts.evtx
 +
</pre>
  
== Open Source Network Forensics ==
+
== See Also ==
 +
* [[Microsoft Office File formats]]
  
* [[NetworkMiner]] is [http://sourceforge.net/projects/networkminer/ an open source Network Forensics Tool available at SourceForge].
+
== External Links ==
* [[Snort]]
+
* [http://dfstream.blogspot.com/2014/01/ms-excel-2013-last-saved-location.html MS Excel 2013 Last Saved Location Metadata], Jason Hale, January 12, 2014
* [[OSSEC]]
+
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...].
+
  
== Commercial Network Forensics ==
+
[[Category:Analysis]]
===Deep-Analysis Systems===
+
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Easy to use Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
+
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
+
* Network Instruments [http://www.networkinstruments.com/]
+
* NIKSUN's [[NetDetector]]
+
* PacketMotion [http://www.packetmotion.com/]
+
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
+
* Mera Systems [http://netbeholder.com/ NetBeholder]
+
 
+
===Flow-Based Systems===
+
* Arbor Networks
+
* GraniteEdge Networks http://www.graniteedgenetworks.com/
+
* Lancope http://www.lancope.com/
+
* Mazu Networks http://www.mazunetworks.com/
+
 
+
===Hybrid Systems===
+
These systems combine flow analysis, deep analysis, and security event monitoring and reporting.
+
* Q1 Labs  http://www.q1labs.com/
+
 
+
== Tips and Tricks ==
+
 
+
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
+
 
+
== See also ==
+
* [[Tools:Network Forensics]]
+

Revision as of 15:26, 13 January 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

EventLogs

As of Office 2010 related Office Alerts EventLog:

C:\Windows\System32\winevt\Logs\OAlerts.evtx

See Also

External Links