New Network Forensic Investigation Toolkit by Decision Group
The new NIT system is significantly enhanced compared with the old version. The enhancements are based on real customer requirements for tactical operations in the field.
With these enhancements in both function and technology, the new NIT will fully meet the requirements of field investigators. The enhancements fall into four areas: system, function, administration and service, as follows:
System
- Appliance system built on a new generation of Intel-based laptop with more computing power and better heat dissipation.
- Enhanced with 4 external USB Wi-Fi network dongles for wider coverage of different RF channels.
- Built-in 1Gbps Ethernet port for LAN connection.
- Optional external high-gain antenna (>8 dB) for long-distance RF reception.
- Optional 3.5G HSDPA dongle for data transmission to the master unit or backend DRMS system.
- Hardware with a one-year limited global warranty from the manufacturer, with optional multi-year extended coverage.
- Built-in remote auditing and administration utility.
Function
- All system operation based on case management.
- Interception mode:
  - Interception of generic network traffic on wired IP networks.
  - Interception of generic network traffic on wireless Wi-Fi networks.
  - Interception of HTTPS network traffic on wired IP networks.
  - Interception of HTTPS network traffic on wireless Wi-Fi networks.
- Coverage of wireless interception:
  - Indoors: in the range of 20-30 meters
  - Outdoors: in the range of 40-50 meters
- Multiple-point distributed deployment: Multiple units can be deployed at different corners around the target AP or stations, and all intercepted data consolidated into one master unit to improve the RF capture rate.
- Protocols and online services supported by interception:
  - Email: all emails based on POP3, SMTP and IMAP
  - Webmail: Yahoo Mail, Gmail, Outlook.com, Hinet, PCHome, URL, Yam, Sina, Seednet, mail.tom.com, mail.163.com, Sohu.com, Gawab
  - Instant messaging (IM or Chat): Yahoo Messenger, IRC, ICQ, UT Chat Room, Hangout (Gtalk), Yahoo Web Chat, Skype Voice Call Duration Log
  - Generic HTTP: Link, Content, Reconstruct, Upload and Download, Video Streaming (YouTube, etc.)
  - HTTPS: HTTPS decoding and reconstruction with username and password available (with a self-signed certificate or a Sub-CA certificate provided by another party)
  - File Transfer: FTP Upload/Download, P2P File Sharing (BitTorrent, eMule/eDonkey, FastTrack, Gnutella)
  - VoIP: optional module for SIP/RTP with G.711, G.723, G.729 and iLBC codecs supported
  - Telnet: recorded with animation playback
  - Social Media: Facebook, Twitter, Plurk, Google+, LinkedIn, Instagram
  - SQL Database: SQL Server, MySQL, Oracle and others compliant with the ANSI SQL92 standard
  - Remote File System: MS CIFS
  - Cloud Service: CDR of Dropbox, Evernote
  - Peer-to-peer Wi-Fi service: FireChat, Wi-Fi Talkie, Serval Mesh
  - Mobile App: Gmail, Facebook, CDR of WeChat, Line
  - Geo-Location Data: Google location service, GIS data from Facebook, WhatsApp
- Data Management:
  - Data presentation by case management
  - Data scoping management: Intercepted data can be scoped by keywords, IP addresses, account ID, etc. through search operations within an individual case.
  - Data Association/Link Analysis: Intercepted data can be analyzed through link analysis to clarify relationships among different targets. All results are shown as a network graph.
  - Data Centralization and Consolidation Management: All intercepted data of each case can be moved to DRMS for data consolidation in the data center.
Administration
- User management: Users can be configured in the system as operator, system administrator or auditor, with authorization and authentication.
- Export and Backup: Raw Data (in PCAP format) and Reconstructed Data (ISO format) can be exported to optical media (CD/DVD).
- Import of Raw Data (PCAP) for Reconstruction: WLAN Raw Data (in PCAP format) can be imported for cracking the WLAN WEP key and for reconstruction.
- System Access-Management: Local Machine GUI access.
- Access Browser: Built-in Browser for both operation and administration.
- Audit Function: All user activities are logged for auditing.
- Security: An authentication and authorization process is provided for each user, and BIOS password control is provided by the hardware.
- Remote Monitoring Management: Built-in remote access utilities for security and operation monitoring under authorized activation through the optional 3.5G network.
- WEP/WPA key management: For a designated Wi-Fi network, a known WEP/WPA key can be entered manually. All existing WEP/WPA keys are managed by users.
- Built-in system recovery at BIOS level for business continuity.
Service
- Warranty:
  - Hardware: standard limited global warranty carried by the original manufacturer.
  - Software: one-year software warranty with upgrade and update service
- Online update service: free online update patch downloading
- Online support from Decision Group by appointed request
- Training:
  - Operation and administration training
  - Forensic Analysis on Network Packet training
The NIT package provided by Decision Group is a tactical solution designed to meet the full requirements of law enforcement staff and intelligence officers. With more advanced technology, it serves mostly for crime investigation and intelligence collection operations by police officers. It has been proven effective by LEA officers in 35 countries across the Asia Pacific, Africa and Europe regions since 2009.
For more information about NIT, please visit our website at http://www.edecision4u.com or send your request by email to decision@decision.com.tw.