Difference between pages "Network forensics" and "Blogs"

From ForensicsWiki
(Difference between pages)
(removed dead link to GraniteEdge Networks, added InfoWatch Traffic Monitor)
= Network forensics =

'''Network forensics''' is the process of capturing the traffic that moves over a [[network]] and analysing it in a forensic capacity. A [[network forensics appliance]] is a device that automates this process.

There are both open source and proprietary network forensics systems available.

== Open Source Network Forensics ==

* [[Wireshark]]
* [[Kismet]]
* [[Snort]]
* [[OSSEC]]
* [[NetworkMiner]] is [http://sourceforge.net/projects/networkminer/ an open source Network Forensics Tool available at SourceForge].
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...].

== Commercial Network Forensics ==

===Deep-Analysis Systems===
* E-Detective [http://www.edecision4u.com/] [http://www.digi-forensics.com/home.html]
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Easy-to-use web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
* Network Instruments [http://www.networkinstruments.com/]
* NIKSUN's [[NetDetector]]
* PacketMotion [http://www.packetmotion.com/]
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
* Mera Systems [http://netbeholder.com/ NetBeholder]
* [http://www.infowatch.com/trafficmonitor InfoWatch Traffic Monitor]

===Flow-Based Systems===
* Arbor Networks
* GraniteEdge Networks
* Lancope [http://www.lancope.com/]
* Mazu Networks [http://www.mazunetworks.com/]

===Hybrid Systems===
These systems combine flow analysis, deep analysis, and security event monitoring and reporting.
* Q1 Labs [http://www.q1labs.com/]

== Tips and Tricks ==

* The time between two events triggered by an intruder (as seen in log files, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.

== See also ==

* [[Wireless forensics]]
* [[SSL forensics]]
* [[Tools:Network Forensics]]
* [[Tools:Logfile Analysis]]

[[Category:Network Forensics]]

= Blogs =

[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).

== English ==

* [http://www.appleexaminer.com/ The Apple Examiner]
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
* [http://www.digitalforensicsource.com Digital Forensic Source]
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
* [http://forensicaliente.blogspot.com/ Forensicaliente]
* [http://www.ericjhuber.com/ A Fistful of Dongles]
* [http://gleeda.blogspot.com/ JL's stuff]
* [http://4n6k.blogspot.com/ 4n6k]
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
* [http://c-skills.blogspot.ch/ c-skills], by Sebastian

== Dutch ==

* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contains English articles; otherwise use the [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])

== French ==

* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

== German ==

* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

== Spanish ==

* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://windowstips.wordpress.com El diario de Juanito]
* [http://conexioninversa.blogspot.com Conexión inversa]

== Russian ==

* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]

= Related blogs =

* [http://www.c64allstars.de C64Allstars Blog]
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]

= Circles/Fora/Groups =

* [http://forensicfocus.com/ Forensic Focus]
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]

= Tweets =

* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
* [http://twitter.com/#!/search/%23forensics #forensics]

= Tools =

* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]

= Challenges (and test images) =

* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
* [http://testimages.wordpress.com/ Digital Forensic Test Images]
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]

= Conferences =

See: [[:Category:Conferences|Conferences]]

[[Category:Further information]]

Revision as of 13:25, 19 September 2012
