Published by Savannah Matthews. Modified over 10 years ago.
DECISION-COMPUTER INTERNATIONAL CO., LTD
E-Detective Series of Products
- Decision Computer Group of Company
- Website: www.edecision4u.com
- Email: frankie@decision.com.tw
Agenda
- Introduction to E-Detective Series of Products
- E-Detective
- Wireless-Detective
- E-Detective Decoding Center (EDDC/XDDC)
- HTTPS/SSL Network Forensics Device
- WatchGuard.WLAN
- VOIP Interception
- Uniqueness of Decision Computer Group
- References
- Others Offering
E-Detective (LAN Internet Monitoring/Interception System)
E-Detective Architecture/Work Flow
- Solution for: Organization Internet Monitoring/Network Behavior Recording, Auditing and Record Keeping, Forensics Analysis and Investigation, Legal and Lawful Interception (LI), Others
- E-Detective Standard System Models and Series: FX-30, FX-06, FX-100, FX-120
- Compliance Solution for: Sarbanes Oxley Act (SOX), HIPAA, GLBA, SEC, NASD, E-Discovery etc.
E-Detective Implementation Diagram (1)
- Organization Internet Monitoring and Interception System
E-Detective Implementation Diagram (2)
- Telco and ISP Internet Lawful Interception (LI) Solution
- Real-Time/Online Decoding and Reconstruction
- Offline Decoding and Reconstruction
- Nationwide Internet Monitoring for Protecting National Security
Decoding and Reconstruction – Protocols Supported
1. Email: POP3, SMTP, IMAP
2. Webmail (Read and Sent): Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc.
3. IM/Chat: Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration
4. File Transfer – FTP
5. File Transfer – P2P: BitTorrent, eMule/eDonkey, Gnutella, Fasttrack
6. HTTP: Link, Content, Reconstruct, Upload/Download, Video Stream
7. Online Game: Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc.
8. Telnet/BBS
9. VOIP: Yahoo Messenger – reconstructed back to GIPS format
10. Webcam: Yahoo and MSN Messenger
E-Detective – Homepage – Dashboard with Reports
E-Detective – Sample Email – POP3/SMTP/IMAP
E-Detective – Sample Web Mail (Read)
- Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
E-Detective – Sample Web Mail (Sent)
- Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
E-Detective – Sample IM/Chat – MSN, Yahoo etc.
E-Detective – Sample File Transfer – FTP
E-Detective – Sample File Transfer – P2P
- P2P Protocols: BitTorrent, eDonkey/eMule, Fasttrack etc.
E-Detective – Sample HTTP – Link/Content/Reconstruct
- Whois function provides you the actual URL Link IP Address
- HTTP Web Page content can be reconstructed
E-Detective – Sample HTTP Video Stream
- Video Stream (FLV format): Youtube, Google Video, Metacafe
- Playback of Video File
E-Detective – Sample TELNET
- Playback of Telnet Session
E-Detective – Authority Assignment
- Authority – Visibility and Operation in Group (with User defined)
- Authority – Visibility
- Authority – Operation
- Authority Groups with Users
E-Detective – Backup – Auto-FTP/Manual
- Auto-FTP Backup
- Manual Backup
- Download ISO or Burn in to CD/DVD
- Reserved Raw Data Files and Backup Reconstructed Data
- Comes with Hashed Export Function
E-Detective – Online IP List with IP/Account Report
E-Detective – Alert – Alert with Content
- Alert configured from different service categories and different parameters such as key word, account, IP etc.
- Alert can be sent to Administrator by Email or SMS if SMS Gateway is available.
E-Detective – Search
- Search – Free Text Search, Conditional Search, Similar Search and Association Search
- Conditional Search
- Free Text Search
- Association Search
Wireless-Detective (WLAN/802.11a/b/g Interception System)
Wireless-Detective – Introduction
- Wireless-Detective System: WLAN Analytics/Forensics/Legal Interception System
- Important Tool for Intelligent Agencies such as Police, Military, Forensics, Legal and Lawful Interception Agencies.
- Scans all WLAN 802.11a/b/g 2.4 and 5.0 GHz channels for AP and STA
- Captures/sniffs WLAN 802.11a/b/g packets
- Decrypts WEP key (WPA Optional Module)
- Decodes and reconstructs WLAN packets
- Stores data in raw and reconstructed content
- Displays reconstructed content in Web GUI
- Hashed export and archive
- All in One System! Smallest and most complete WLAN Interception System in the World!
Wireless-Detective – Implementation Diagram (1)
- WLAN Interception Standalone Architecture Deployment (Capture a single channel, a single AP or a single STA)
- Wireless-Detective Standalone System: Captures WLAN packets transmitted over the air ranging up to 100 meters or more (by using Enhanced System with High Gain Antenna)
Wireless-Detective – Implementation Diagram (2)
- WLAN Interception Distributed Architecture Deployment (Utilizing min. of 2 systems, Master & Slaves, for simultaneous capturing/forbidding functions. Capture a single channel, a single AP or a single STA)
- Wireless-Detective Extreme System: Utilizing multiple/distributed Wireless-Detective systems (Master – Slave) to conduct simultaneous capture, forbidding and location estimation functions.
- Note: For capturing multiple channels, each Wireless-Detective (WD) can be reconfigured to act as a standalone system. For example, deploy 4 WD systems with each capturing on one single channel.
Wireless-Detective – Implementation Diagram (3)
- WLAN Interception Standalone – Multiple Channels Capturing
- Wireless-Detective Standalone Systems, Multiple Channels Capturing: Utilizing more than 1 Wireless-Detective to capture different channels.
- Single WD for single channel capturing. Multiple WD for multiple channel capturing.
- Note: The advantage of having multiple WD systems is the flexibility to deploy a distributed architecture (for capturing a single channel/target) or to split them into standalone systems for multiple channels capturing.
Wireless-Detective – AP/STA Information – Capture Mode
- Displaying information of Wireless devices (AP/STA) in surrounding area.
Wireless-Detective – AP/STA Information – Forbidder Mode
- Displaying information of Wireless devices (AP/STA) in surrounding area.
Wireless-Detective – Forbidder Mode Implementation
- WLAN Jammer/Forbidder Implementation
  1. Forbid connectivity of STA
  2. Forbid connectivity of AP
Cracking/Decryption of WEP/WPA Key (1)
- WEP Key Cracking/Decryption can be done by Wireless-Detective System! Auto Cracking (system default) or Manual Cracking
- 1) WEP Key Cracking/Decryption (64, 128, 256 bit key): Proactive Crack and Passive Crack
  - Proactive/Active Crack – By utilizing ARP Injection
  - Passive Crack – Silently collecting Wireless LAN packets
  - 64-bit key – 10 HEX (100-300MB raw data / 100K-300K IVs collected)
  - 128-bit key – 26 HEX (150-500MB raw data / 150K-500K IVs collected)
- 2) WPA Key Cracking/Decryption (Optional Module Available): WPA-PSK cracking is an optional module. By using an external server with Smart Password List and GPU acceleration technology, the WPA-PSK key can be recovered/cracked.
- Notes: The time taken to decrypt the WEP key in passive mode depends on the amount of network activity. The time to crack the WPA-PSK key depends on the length and complexity of the key. Besides, it is compulsory to have the WPA-PSK handshake packets captured.
Cracking/Decryption of WEP Key (2)
- Automatic: System auto crack/decrypt WEP key (default)
- Manual: Capture raw data and crack/decrypt WEP key manually
- Cracking Manually
Cracking/Decryption of WEP Key (3)
- WEP Key Cracked!
Wireless-Detective – WPA Cracking Solution
- WPA-PSK Cracking Solution
- WPA Handshake packets need to be captured for cracking the WPA key.
- Utilize Single Server or Distributed Servers (multiple smart password list attacks simultaneously) to crack the WPA key.
- Acceleration technology: GPU Acceleration
- Note: WPA handshake packets can be captured by a Standalone Wireless-Detective system or Distributed Wireless-Detective systems.
Cracking/Decryption of WPA-PSK Key
- WPA/WPA2-PSK cracking module is optional (dedicated server).
- Application: Utilizing Smart Password List attack and GPU technology (Graphic Cards) to recover or crack the WPA/WPA2-PSK Key.
- Supported WPA: WPA-PSK (TKIP) and WPA2-PSK (AES).
- Speed: up to 30 times faster than normal CPU.
- GPU supported: NVIDIA and ATI
Decoding and Reconstruction – Protocols Supported
1. Email: POP3, SMTP, IMAP
2. Webmail (Read and Sent): Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc.
3. IM/Chat: Windows Live Messenger-MSN, Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration
4. File Transfer – FTP
5. File Transfer – P2P: BitTorrent, eMule/eDonkey, Gnutella, Fasttrack
6. HTTP: Link, Content, Reconstruct, Upload/Download, Video Stream
7. Online Game: Maplestory, RO, Kartrider, FairyLand, Hero, WonderLand etc.
8. Telnet/BBS
9. VOIP: Yahoo Messenger – reconstructed back to GIPS format
10. Webcam: Yahoo and MSN Messenger
Wireless-Detective GUI – Sample Email – POP3
- Date/Time, From, To, CC, Subject, Account, Password
Wireless-Detective GUI – Sample Web Mail (Read)
- Date/Time, Content, Web Mail Type
Wireless-Detective – Sample Web Mail (Sent)
- Date/Time, From, To, CC, BCC, Subject, Webmail Type
Wireless-Detective – Sample IM/Chat – MSN
- Date/Time, User Handle, Participant, Conversation, Count
Wireless-Detective – Sample IM/Chat – Yahoo
- Date/Time, Screen Name, Participant, Conversation, Count
- Including VOIP and Webcam sessions reconstruction and playback
Wireless-Detective – Sample File Transfer – FTP
- Date/Time, Account, Password, Action, FTP Server IP, File Name
Wireless-Detective – Sample Peer to Peer – P2P
- Date/Time, Port, Peer Port, Tool, File Name, Action, Hash
Wireless-Detective – Sample Telnet
- Date/Time, Account, Password, Server IP, File Name
- Playback of TELNET Session
Wireless-Detective – Sample HTTP – Link/Content/Reconstruct
- Date/Time, URL
- Reconstructed Web Pages
Wireless-Detective – Sample HTTP – Upload/Download
- Date/Time, Action, File Name, HTTP Download/Upload URL, Size
Wireless-Detective – Sample Online Games
- Date/Time, MAC Address, Port, Peer Port, Game Name
Wireless-Detective – Search – Conditional/Free Text
- Search by Parameters/Conditions
- Free Text Search
Wireless-Detective – Alert and Notification by Condition
- Alert Administrator by Parameters/Conditions
Wireless-Detective – Wireless Equipment Locator
- Utilizes Wireless Sensors and Triangulation Training Methods to estimate the location of the targeted Wireless Devices.
- 1 WD Master system + min. 3 WD Slave systems (sensors)
- Note: WatchGuard.WLAN can be used in place of WD slave systems for this Wireless Equipment Locator function.
Wireless-Detective – Advantages/Benefits
- The All-in-One Portable WLAN Interception System
- Smallest, portable, mobile and lightweight WLAN legal interception system. This allows easy tracking and capturing of a suspect's Internet activities, especially when the suspect moves from one place to another. The suspect won't notice the WD's existence as it looks like a normal laptop.
- Detects unauthorized WLAN access/intruders (IDS).
- Provides detailed information of AP, Wireless Routers and Wireless Stations (such as channel, Mbps, security (encryption), IP, signal strength, manufacturer, MAC).
- Provides capturing of WLAN packets from a single channel, AP, STA or multiple channels by deploying distributed/multiple systems. That also means flexibility and scalability of the deployment solution.
- Provides decryption of Wireless key, WEP key (WPA cracking is an optional module).
- Provides decoding and reconstruction of different Internet services/protocols on the fly; reconstructed data is displayed in original content format on the local system Web GUI.
- Supports reserving of raw data captured (for further analysis if required) and archiving of reconstructed data with hashed export functions.
- Supports condition/parameter search and free text search.
- Supports alert by condition/parameter.
- Provides Wireless forbidding/jamming function.
- Provides Wireless Equipment Locator function.
E-Detective Decoding Centre (EDDC/XDDC)
EDDC/XDDC
- EDDC/XDDC is a Unix/Linux based system specially designed for offline reconstruction of raw data files. It allows the Administrator to create different projects/cases for different users/investigators (with different levels of authority) to conduct Internet raw data parsing and forensics analysis tasks on the system.
- The system is able to reconstruct Internet applications/services like Email (POP3, SMTP, IMAP), Webmail (Yahoo Mail, Gmail, Hotmail etc.), IM (Yahoo, MSN, ICQ, QQ, UT, IRC, Google Talk, Skype Voice Call Log), File Transfer (FTP, P2P), HTTP (Link, Content, Reconstruct, Upload/Download, Video Stream), Telnet, Online Games, VoIP (Yahoo), Webcam (Yahoo, MSN).
- User/Case Management – Offline Internet Raw Data Parser/Reconstruction – Search Function – Export/Backup
- EDDC – Standard Offline Reconstruction System
- XDDC – Offline Reconstruction with Layer 7 Analytics – NEW!
EDDC/XDDC Implementation (1)
- Offline Raw Data Decoding and Reconstruction system. Comes with User and Case Management functions.
EDDC/XDDC Implementation (2)
- Offline Raw Data Decoding and Reconstruction system. Comes with User and Case Management functions.
- Diagram labels: Investigator 1, Case 1; Investigator 2, Case 2; Case 1 Results; Case 2 Results
E-Detective VOIP Forensics Intelligence System
VOIP Forensic Intelligence System
- VOIP Protocols supported:
  * SIP (The most common VOIP protocol used worldwide)
  * H.323
- Audio CODECS supported: Voice call (VOIP) sessions can be captured, recorded (in "wav" file format) and played back with popular voice media players. Currently available and supported Audio CODECS developed by Decision include:
  - G.729
  - G.711-a law and G.711-u law
  - G.723
  - G.726
  - iLBC
- Sample Information retrievable (Session 1): Date/Time, Caller No., Called No., Duration, Caller Gateway (IP), Called Gateway (IP), Caller Port, Called Port, Conversation, Protocol, Audio Codec
- Diagram labels: Point to Point Communication, SIP Server Architecture, Relay
HTTPS/SSL Network Forensics Device
HTTPS/SSL Interceptor
- Capable of decrypting HTTPS traffic. Two modes of operation:
  1. Man in the Middle Attack (MITM); and
  2. Offline Method (Decrypting HTTPS raw data with Private Key Available)
- Usernames and passwords (login) can be captured by the HTTPS/SSL Device. For instance, Google/Gmail login, Hotmail login, Yahoo Mail login, Amazon login etc.
- To view encrypted content, a key is needed.
WatchGuard.WLAN
WatchGuard.WLAN
- WLAN – IEEE 802.11a/b/g Intrusion Detection System (IDS), WLAN Defender and Jammer System.
- WatchGuard.WLAN provides a WLAN communication diagnosis function. It can detect unauthorized WLAN communication from an access point (AP) or wireless station (STA) within the coverage area. It can then forbid the unauthorized connection. A warning/notification Email/message can be sent to the network administrator.
- To prevent/forbid unauthorized WLAN connections, the system can pose as the station to inform the AP to stop the communication. Besides, noise signal emission to the station and/or AP is another method to prevent/deter wireless communication.
- To protect from outside attack and prevent inside leakage!
Application Diagram – WatchGuard.WLAN
Uniqueness of Decision Computer Group
- Designer, Architect and Manufacturer for a variety of Network Security, Content Forensics and Internet Interception Solutions.
- We provide OEM and ODM services where we accept customization requirements from customers.
- Series of Products Offering:
  - E-Detective (Ethernet LAN and Telco/ISP Lawful Interception System)
  - Wireless-Detective (WLAN Lawful Interception System)
  - EDDC/XDDC (Offline Internet Decoding and Reconstruction System)
  - HTTPS/SSL Interceptor (HTTPS/SSL Decryption System – using MITM attack)
  - VOIP Forensics Intelligence (VOIP Interception System)
  - WatchGuard.WLAN (WLAN Forbidding, Jamming and Defense tool)
  - NuBlock (Write Protection Toolkit)
  - Industrial I/O Card Series
Decision Computer Group – References
- Customers:
  - Criminal Investigation Bureau TW
  - The Bureau of Investigation Ministry of Justice TW
  - National Security Agency (Bureau) in various countries
  - Intelligence Agency in various countries
  - Ministry of Defense in various countries
  - National Police, Royal Police in various countries
  - Government Ministries in various countries
  - Federal Investigation Bureau in various countries
  - Telco/Internet Service Provider in various countries
  - Banking and Finance organizations in various countries
- Note: Due to confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.