E-DETECTIVE

E-Detective

Network Investigation Toolkit - NIT (2010)

by Frankie Chan

Decision Group

www.edecision4u.com & www.ed-system.sg

Introduction to Network Investigation Toolkit

What are the capabilities of NIT?

 Interception of Ethernet LAN

traffic through mirror port (or by

network tap).

 Interception of WLAN traffic (up to

4 different WLAN channels).

 Intercept ion of Ethernet LAN

HTTPS/SSL traffic by MITM attack.

 Intercept ion of WLAN HTTPS/SSL

traffic by MITM attack.

Solution for:

 Real-time raw data decoding and

Lawful Enforcement Agencies

reconstruction.

(Police Intelligence, Military

 Offline raw data decoding and Intelligence, National Security,

reconstruction. Counter Terrorism, Cyber

 Forensics analysis and Security, Defense Ministry etc.

investigation.

NIT Implementation Mode (1)

NIT Implementation Mode (2)

NIT Implementation Mode (3)

NIT Implementation Mode (4)

NIT – Homepage – Status of Operation









Display the current operation mode and status of implementation

NIT Internet Protocols Supported







Email HTTP

Webmail (Link, Content,

Reconstruct,

IM/Chat Upload

(Yahoo, Download)

MSN, ICQ,

QQ, IRC, File Transfer

Google Talk FTP, P2P

Etc.) Others

Online Games

Telnet etc.

NIT – Homepage – Status of Operation









Top-Down view

on Case Results

GUI.

Sample: Email (POP3, SMTP, IMAP)

Sample: Webmail (Read and Sent)









Webmail Type: Yahoo Mail, Gmail,

Windows Live Hotmail, Giga Mail

and others

Sample: IM (Yahoo, MSN, ICQ etc.)









Yahoo: Includes file

transfer, webcam, voice

call (GIPS Decoder

Required)

MSN: Includes file

transfer, webcam

Sample: HTTP Link and HTTP Content

Sample: HTTP Video Streaming

Sample: Incomplete Connections









Incomplete connection

sessions can be

viewed by binary-text

viewer

Search – Free Text (Key Words) and Advanced









Free Text (Key Words Search)









Advanced Search

(Conditional

Search)

NIT – System Specifications (1)

NIT – System Specifications (2)

NIT – System Specifications (3)

NIT – System Specifications (4)

References – Implementation Sites and Customers

 Criminal Investigation Bureau

 The Bureau of Investigation Ministry of Justice

 National Security Agency (Bureau) in various countries

 Intelligence Agency in various countries

 Ministry of Defense in various countries

 Counter/Anti Terrorism Department

 National Police, Royal Police in various countries

 Government Ministries in various countries

 Federal Investigation Bureau in various countries

 Telco/Internet Service Provider in various countries

 Banking and Finance organizations in various countries

 Others

Notes: Due to confidentiality of this information, the exact name and countries of

the various organizations cannot be revealed.

Decision Group

www.edecision4u.com

www.ed-system.sg