Difference between pages "Disk Reliability" and "OmniPeek"

From ForensicsWiki
(Difference between pages)
(New page: OmniPeek Distributed Analysis Suite The OmniPeek Distributed Analysis Suite can capture up to 64 Terabytes with the Omnipliance SuperCore Network Recorder. For an unlimited amount of stor...)
 
Line 1: Line 1:
Research on disk reliability and disk failure rates is relevant to computer forensics for several reasons:
+
OmniPeek Distributed Analysis Suite
* Disk failures frequently make it difficult to recover data from a subject computer.
+
* Because forensic practitioners use very large datasets, issues of disk drive reliability can have direct bearing on forensic readyness.
+
  
==Bibliography==
+
The OmniPeek Distributed Analysis Suite can capture up to 64 Terabytes with the Omnipliance SuperCore Network Recorder. For an unlimited amount of storage, an Omnipliance can be connected to a Storage Area Network (SAN) and analyze events that occurred hours, days, weeks, or even months ago.  
* An analysis of latent sector errors in disk drives, Lakshmi N. Bairavasundaram, Garth R. Goodson, Shankar Pasupathy, Jiri Schindler, SIGMETRICS '07. [http://portal.acm.org/citation.cfm?id=1269899.1254917 (ACM DL)]
+
  
* [http://labs.google.com/papers/disk_failures.pdf Failure Trends in a Large Disk Drive Population], Eduardo Pinheiro, Wolf-Dietrich Weber and Luiz Andre Barroso, Proceedings of the 5th USENIX Conference on File and Storage Technologies (FAST’07), February 2007
+
When searching through gigabytes or terabytes of data, these features make the difference between a quick, convenient search and a laborious, time-consuming search involving multiple tools and large transfers of data:
  
[[Category:Bibliographies]]
+
    * Support for frame decodes during capture
 +
    * Support for on-the-fly capture filters
 +
    * Support for Selected Related filters
 +
    * Support for name table entry and aliases
 +
    * Support for multiple simultaneous capture windows
 +
    * Ability to sort by number of problems, top talkers, most delays, etc.
 +
    * Ability to organize flows by application type
 +
    * Ability to organize flows by client/server pair
 +
    * Ability to capture from multiple simultaneous NICs
 +
    * Ability to capture from 802.11 wireless LANs
 +
    * Ability to store packets in a MySQL database
 +
    * Conversation Map at the point of capture
 +
    * Built-in Experts for recognizing security attacks such as Gin, Jolt, Land, Oversize IP, and WinNuke
 +
 
 +
Beyond these built-in features, OmniPeek also supports an extensive API for automation and analysis.  Many of these are available to maintenance customers from the MyPeek Community Portal [https://mypeek.wildpackets.com/welcome.php].
 +
 
 +
OmniPeek analyzes data at the point of capture, and eliminates the need for large data transfers that consume time and bandwidth. By utilizing Intelligent Data Transport™, the OmniPeek Distributed Analysis Suite minimizes traffic loads on the network.
 +
 
 +
'''HR Compliance'''
 +
 
 +
    * Detect and analyze violations of HR policies or industry regulations
 +
    * Support compliance efforts for SOX, Gramm-Leach-Bliley, HIPAA, and other industry regulations
 +
    * Collect evidence when breaches occur
 +
 
 +
'''Intermittent Issues'''
 +
 
 +
    * Capture and analyze intermittent network problems
 +
    * Troubleshoot problems that occurred hours or days ago
 +
    * Find the patterns that ad hoc, reactive troubleshooting will miss
 +
 
 +
'''Security Attack Analysis'''
 +
 
 +
    * Detect and characterize attacks—whether they’ve just begun or occurred days ago
 +
    * Apply filters to isolate malicious behavior
 +
    * Equip your network IT team with a powerful incident response tool
 +
 
 +
'''Transaction Analysis'''
 +
 
 +
    * Create an audit trail for business transactions—not just server activity but the business transactions enacted by clients and servers
 +
    * Troubleshoot the transaction problems that server logs miss
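Review bot: Every added list item starts with spaces before the asterisk (for example "    * Support for frame decodes during capture"), and MediaWiki treats a line that begins with a space as preformatted text, so these show up as literal asterisks in a monospace block instead of a bulleted list; put the "*" in the first column. The bare external link "[https://mypeek.wildpackets.com/welcome.php]" has no label and will render as a numbered footnote, so give it link text. The opening line "OmniPeek Distributed Analysis Suite" is plain text where the later sections use bold markers such as "'''HR Compliance'''", and the new text carries no [[Category:...]] line of its own.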

Revision as of 19:48, 19 May 2009

OmniPeek Distributed Analysis Suite

The OmniPeek Distributed Analysis Suite can capture up to 64 Terabytes with the Omnipliance SuperCore Network Recorder. For an unlimited amount of storage, an Omnipliance can be connected to a Storage Area Network (SAN) and analyze events that occurred hours, days, weeks, or even months ago.

When searching through gigabytes or terabytes of data, these features make the difference between a quick, convenient search and a laborious, time-consuming search involving multiple tools and large transfers of data:

   * Support for frame decodes during capture
   * Support for on-the-fly capture filters
   * Support for Selected Related filters
   * Support for name table entry and aliases
   * Support for multiple simultaneous capture windows
   * Ability to sort by number of problems, top talkers, most delays, etc.
   * Ability to organize flows by application type
   * Ability to organize flows by client/server pair
   * Ability to capture from multiple simultaneous NICs
   * Ability to capture from 802.11 wireless LANs
   * Ability to store packets in a MySQL database
   * Conversation Map at the point of capture
   * Built-in Experts for recognizing security attacks such as Gin, Jolt, Land, Oversize IP, and WinNuke 

Beyond these built-in features, OmniPeek also supports an extensive API for automation and analysis. Many of these are available to maintenance customers from the MyPeek Community Portal (https://mypeek.wildpackets.com/welcome.php).

OmniPeek analyzes data at the point of capture, and eliminates the need for large data transfers that consume time and bandwidth. By utilizing Intelligent Data Transport™, the OmniPeek Distributed Analysis Suite minimizes traffic loads on the network.

HR Compliance

   * Detect and analyze violations of HR policies or industry regulations
   * Support compliance efforts for SOX, Gramm-Leach-Bliley, HIPAA, and other industry regulations
   * Collect evidence when breaches occur

Intermittent Issues

   * Capture and analyze intermittent network problems
   * Troubleshoot problems that occurred hours or days ago
   * Find the patterns that ad hoc, reactive troubleshooting will miss

Security Attack Analysis

   * Detect and characterize attacks—whether they’ve just begun or occurred days ago
   * Apply filters to isolate malicious behavior
   * Equip your network IT team with a powerful incident response tool

Transaction Analysis

   * Create an audit trail for business transactions—not just server activity but the business transactions enacted by clients and servers
   * Troubleshoot the transaction problems that server logs miss