Difference between pages "Network forensics" and "MAC times"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Flow-Based Systems)
 
m
 
Line 1: Line 1:
'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.
+
...
  
There are both open source and proprietary network forensics systems available.
+
== External Links ==
  
== Open Source Network Forensics ==
+
* [http://en.wikipedia.org/wiki/MAC_times Wikipedia: MAC times]
 
+
* [[Snort]]
+
* [[OSSEC]]
+
 
+
== Commercial Network Forensics ==
+
===Deep-Analysis Systems===
+
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept]
+
* NIKSUN's [[NetDetector]]
+
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
+
===Flow-Based Systems===
+
* Arbor Networks
+
* GraniteEdge Networks
+
* Lanscope
+
* Mazu Networks
+
* Q1 Labs  http://www.q1labs.com/
+
 
+
== Tips and Tricks ==
+
 
+
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
+

Revision as of 03:25, 24 March 2006

...

External Links