Difference between pages "Network forensics" and "Talk:Main Page"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.
+
I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global.
  
There are both open source and proprietary network forensics systems available.  
+
Any thoughts, please put them on www.computer-forensics.co.uk in the forums section.
  
== Open Source Network Forensics ==
+
Thanks and regards,
  
* [[Wireshark]]
+
Simon
* [[Kismet]]
+
* [[Snort]]
+
* [[Argus]]
+
* [[OSSEC]]
+
* [[NetworkMiner]] is [http://sourceforge.net/projects/networkminer/ an open source Network Forensics Tool available at SourceForge]
+
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...]
+
* [[DataEcho]]
+
* [[ntop]]
+
* [[Chaosreader]] is a session reconstruction tool (supports both live or captured network traffic)
+
* [[Data copy king]] is an conprehensive tool which integrating data backup, disk wipe, HDD auto detection.
+
== Commercial Network Forensics ==
+
 
+
===Deep-Analysis Systems===
+
* WildPackets [[OmniPeek]] [http://www.wildpackets.com/solutions/it_solutions/network_forensics] [http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer/forensics_search]
+
* E-Detective [http://www.edecision4u.com/] [http://www.digi-forensics.com/home.html]
+
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Easy to use Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
+
* NetWitness Corporation - Freeware/Commercial, Enterprise-Wide, Real-Time Network Forensics [http://www.netwitness.com/ NetWitness]
+
* Network Instruments [http://www.networkinstruments.com/]
+
* NIKSUN's [[NetDetector]]
+
* PacketMotion [http://www.packetmotion.com/]
+
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
+
* Mera Systems [http://netbeholder.com/ NetBeholder]
+
* [http://www.infowatch.com InfoWatch Traffic Monitor]
+
* MFI Soft [http://sormovich.ru/ SORMovich] (in Russian)
+
* Solera Networks - Provider of full packet capture network forensics appliances [http://www.soleranetworks.com/ Solera Networks]
+
 
+
===Flow-Based Systems===
+
* Arbor Networks
+
* GraniteEdge Networks
+
* Lancope http://www.lancope.com/
+
* Mazu Networks http://www.mazunetworks.com/
+
 
+
===Hybrid Systems===
+
These systems combine flow analysis, deep analysis, and security event monitoring and reporting.
+
* Q1 Labs  http://www.q1labs.com/
+
 
+
== Tips and Tricks ==
+
 
+
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
+
 
+
== See also ==
+
* [[Wireless forensics]]
+
* [[SSL forensics]]
+
 
+
* [[IP geolocation]]
+
* [[Tools:Network Forensics]]
+
* [[Tools:Logfile Analysis]]
+
 
+
[[Category:Network Forensics]]
+

Revision as of 12:50, 8 February 2007

I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global.

Any thoughts, please put them on www.computer-forensics.co.uk in the forums section.

Thanks and regards,

Simon