Difference between pages "Ntop" and "HBGary Responder Professional"
From ForensicsWiki

Ntop

{{Infobox_Software |
  name = ntop |
  maintainer = Luca Deri and others |
  os = {{Linux}}, {{Windows}} |
  genre = Network forensics |
  license = {{GPL}} |
  website = [http://www.ntop.org/ www.ntop.org] |
}}

== Overview ==

'''ntop''' is a network traffic probe that shows network usage, similar to what the popular [[top]] [[Unix]] command does for processes. ntop is based on libpcap and is written portably so that it runs on virtually every [[Unix]] platform and on [[Windows | Win32]] as well.

ntop acts as a web server: users navigate the traffic information it collects with a web browser and can get a dump of the current network status.[http://www.ntop.org/products/ntop/]

== What ntop can do for me? ==
* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store persistent traffic statistics on disk in RRD format
* Identify the identity (e.g. email address) of computer users
* Passively (i.e. without sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to source/destination
* Display an IP traffic subnet matrix (who is talking to whom?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics
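Most of the items in the list above (per-protocol and per-host byte counts, the source/destination subnet matrix, passive OS identification) fall out of a single loop over libpcap records. The following Python script is an added example written for this page, not ntop's own code: it decodes a small Ethernet capture constructed inline, keeps the same kinds of counters, and guesses the OS of any host that opens a TCP connection from the TTL and window size of its SYN. The two-entry fingerprint table, the sample addresses and the function names are assumptions for illustration; the ettercap signature database that ntop actually uses is far larger and keys on more fields.

```python
"""Minimal libpcap-style traffic probe in the spirit of ntop.

Added example for this page (not ntop's own code).  It reads a pcap byte
string, tallies bytes per host, per protocol and per (src, dst) pair, and
passively guesses a host's OS from the TTL and window of its TCP SYNs.
"""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap with microsecond timestamps
DLT_EN10MB = 1            # Ethernet link type
ETH_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Illustrative passive fingerprints (assumed for this example): a real tool
# such as ettercap or p0f keys on many more SYN fields and carries a large database.
SYN_FINGERPRINTS = {
    (64, 5840): "Linux 2.6 (assumed signature)",
    (128, 8192): "Windows (assumed signature)",
}


def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value (64, 128, 255)."""
    for candidate in (64, 128, 255):
        if ttl <= candidate:
            return candidate
    return 255


def iter_frames(data):
    """Yield the link-layer bytes of every record in a little-endian Ethernet pcap."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic, _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    if linktype != DLT_EN10MB:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # truncated last record: stop rather than read past the buffer
        yield data[off:off + incl_len]
        off += incl_len


def probe(data):
    """Return ntop-style counters: bytes per host, per protocol, per (src, dst), plus OS guesses."""
    per_host, per_proto, matrix, os_guess = Counter(), Counter(), Counter(), {}
    for frame in iter_frames(data):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            per_proto["non-IP"] += len(frame)
            continue
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        ttl, proto = frame[22], frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        per_host[src] += len(frame)
        per_host[dst] += len(frame)
        per_proto[PROTO_NAMES.get(proto, "IP/%d" % proto)] += len(frame)
        matrix[(src, dst)] += len(frame)      # "who is talking to whom"
        tcp = frame[14 + ihl:]
        if proto == 6 and len(tcp) >= 20:
            flags = tcp[13]
            window = struct.unpack("!H", tcp[14:16])[0]
            if flags & 0x12 == 0x02:          # SYN without ACK: the host that opened the connection
                key = (initial_ttl(ttl), window)
                os_guess.setdefault(src, SYN_FINGERPRINTS.get(key, "unknown"))
    return per_host, per_proto, matrix, os_guess


def build_sample_pcap():
    """Construct a three-frame capture inline (synthetic, not real traffic)."""
    def ipv4(src, dst, proto, ttl, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst)) + payload

    def tcp_syn(sport, dport, window):
        return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, window, 0, 0)

    def udp(sport, dport, data):
        return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    frames = [
        eth + ipv4("10.0.0.5", "10.0.0.80", 6, 64, tcp_syn(40000, 80, 5840)),    # Linux-like SYN
        eth + ipv4("10.0.0.7", "10.0.0.80", 6, 128, tcp_syn(50000, 443, 8192)),  # Windows-like SYN
        eth + ipv4("10.0.0.5", "10.0.0.53", 17, 64, udp(5353, 53, b"query")),    # a UDP datagram
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    hosts, protos, pairs, guesses = probe(build_sample_pcap())
    for name, nbytes in protos.most_common():
        print("%-6s %5d bytes" % (name, nbytes))
    for (src, dst), nbytes in pairs.most_common():
        print("%s -> %s: %d bytes" % (src, dst, nbytes))
    print(guesses)
```

Only the SYN that opens a connection is fingerprinted: a SYN/ACK comes from the server side and the TTL seen on the wire has already been decremented by every router, which is why the observed value is rounded up to a common initial TTL before lookup.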
== Platforms ==
* Unix (including Linux, *BSD, Solaris and Mac OS X)
* Win32 (Win95 and above, including Vista)

== Media ==
* Loopback
* Ethernet (including 802.1Q VLAN-tagged frames)
* Token Ring
* PPP/PPPoE
* Raw IP
* FDDI
* FibreChannel
* ...and many more

== Requirements ==

=== Memory Usage ===
* It depends on the ntop configuration, the number of hosts and the number of active TCP sessions. In general it ranges from a few MB (small LAN) to 100 MB for a WAN.

=== CPU Usage ===
* It depends on the ntop configuration and traffic conditions. On a modern PC monitoring a large LAN it is less than 10% of overall CPU load.

== Protocols ==
* IPv4/IPv6
* IPX
* DECnet
* AppleTalk
* NetBIOS
* OSI
* DLC
* ...and many more

== IP Protocols ==
* Fully user configurable: the set of TCP/UDP services that ntop tracks and reports on is defined by the user rather than fixed in the program

== Additional Features ==
* VoIP support (SIP, Cisco SCCP and Asterisk IAX)
* NetFlow (including v5 and v9) and IPFIX support
* Network flows
* Local traffic analysis
* Multithread and MP (multiprocessor) support on both Unix and Win32
* Lightweight Python API for extending ntop via scripts
* Support for both NetFlow and sFlow as a flow collector; ntop can collect simultaneously from multiple probes
* Traffic statistics are saved into RRD databases for long-run traffic analysis
* Internet domain, AS (Autonomous System) and VLAN (Virtual LAN) statistics
* Network asset discovery and categorization according to OS and users
* Protocol decoders for many internet protocols
* Advanced per-user HTTP password protection with encrypted passwords
* RRD support for persistently storing per-host traffic information
* Passive remote host fingerprinting (courtesy of ettercap)
* HTTPS (secure HTTP via OpenSSL)
* Virtual/multiple network interface support
* Graphical ntop launcher (Win32 only)
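Two of the items above (NetFlow v5/v9 and IPFIX support, and NetFlow/sFlow collection from multiple probes) make ntop a UDP listener for data sent by routers, so the collector has to validate each export against its own length before trusting the record count it carries. The following Python is an added example written for this page, not ntop's collector code: it decodes a NetFlow v5 datagram constructed inline, rejects datagrams whose count disagrees with their length or whose version is wrong, aggregates octets per IP protocol, and shows how the header's flow sequence counter is used to detect lost exports. The function names, sample addresses and counter values are assumptions.

```python
"""NetFlow v5 collector input validation and decoding.

Added example for this page (not ntop's collector code).  A collector listens
on UDP for exports from routers, so every datagram must be checked against its
own length before any record is trusted.  The sample export below is
constructed inline; addresses, counters and function names are assumptions.
"""
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")              # 24 bytes: version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")   # 48 bytes per flow record
V5_MAX_RECORDS = 30                                  # exporters never put more than 30 records in one v5 datagram


def parse_netflow_v5(datagram):
    """Return (header dict, list of flow dicts); raise ValueError for anything malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    (version, count, uptime, secs, _nsecs, seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % version)
    # The count comes from the network: bound it and cross-check it against the
    # real length instead of reading past the datagram or under-reading it.
    if count == 0 or count > V5_MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length %d does not match count %d" % (len(datagram), count))
    header = {
        "count": count,
        "uptime_ms": uptime,
        "unix_secs": secs,
        "sequence": seq,                      # running count of flows exported so far
        "engine": (engine_type, engine_id),
        "sampling_mode": sampling >> 14,      # top two bits
        "sampling_interval": sampling & 0x3FFF,
    }
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(struct.pack("!I", r[0])),
            "dst": socket.inet_ntoa(struct.pack("!I", r[1])),
            "packets": r[5], "bytes": r[6],
            "sport": r[9], "dport": r[10],
            "tcp_flags": r[12], "proto": r[13],
        })
    return header, flows


def is_well_formed(datagram):
    """True if parse_netflow_v5 accepts the datagram, False if it rejects it."""
    try:
        parse_netflow_v5(datagram)
        return True
    except ValueError:
        return False


def expected_next_sequence(header):
    """flow_sequence counts flows, not datagrams: the next export should start here,
    and a higher value means the collector missed exports in between."""
    return header["sequence"] + header["count"]


def bytes_by_protocol(flows):
    """Aggregate octets per IP protocol number, as a collector would for a usage report."""
    totals = {}
    for f in flows:
        totals[f["proto"]] = totals.get(f["proto"], 0) + f["bytes"]
    return totals


def build_sample_export():
    """Construct a two-flow v5 datagram inline (synthetic, not from a real router)."""
    def rec(src, dst, pkts, octets, sport, dport, flags, proto):
        return V5_RECORD.pack(int.from_bytes(socket.inet_aton(src), "big"),
                              int.from_bytes(socket.inet_aton(dst), "big"),
                              0, 1, 2, pkts, octets, 1000, 2000, sport, dport,
                              0, flags, proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, 2, 123456, 1255347120, 0, 9000, 0, 0, 0)
    return (header
            + rec("192.0.2.10", "198.51.100.5", 12, 4800, 51234, 443, 0x1B, 6)    # TCP, FIN/SYN/PSH/ACK seen
            + rec("192.0.2.11", "198.51.100.53", 1, 76, 5353, 53, 0, 17))        # a DNS query over UDP


if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(build_sample_export())
    print("export seq %d, next expected %d" % (hdr["sequence"], expected_next_sequence(hdr)))
    for f in flows:
        print("%s:%d -> %s:%d proto %d %d bytes" % (f["src"], f["sport"], f["dst"], f["dport"], f["proto"], f["bytes"]))
    print(bytes_by_protocol(flows))
```

NetFlow exports are plain UDP with no authentication, so a collector on an exposed port will happily ingest spoofed flows; the length and count checks above protect the parser, but the trustworthiness of the flow data itself rests on restricting which exporter addresses the collector accepts.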
== External Links ==
* [http://www.ntop.org/get-started/download/ get ntop]

[[Category:Network Forensics]]

HBGary Responder Professional
Revision as of 11:32, 12 October 2009

'''HBGary Responder Professional''' is a computer forensics suite distributed by [[HBGary]].

[[File:logo.jpg]]

Responder™ Professional is HBGary's product for Windows™ physical memory analysis and automated malware analysis. HBGary describes it as an application known for its ease of use, streamlined workflow and rapid results, aimed at incident responders, malware analysts and computer forensic investigators. Responder Professional provides memory forensics, malware detection and software behavioral identification with Digital DNA™.

Memory Preservation: FDPro is included with Responder™ Professional. HBGary describes FDPro as the most complete memory acquisition software in the industry and as the only application that can preserve both Windows™ physical memory and the pagefile for information security and computer forensic purposes.

Memory Analysis: Some critical computer artifacts exist only in live memory and are lost once the machine is powered off, which is why acquisition precedes analysis. Responder makes it easy to search for, identify and report on this information through an intuitive GUI designed to support the investigation workflow.