Forensics Investigation Toolkit _FIT_ is a Windows ... - E-Detective

					 Forensics Investigation Toolkit (FIT)
             Layer 7 Content Reconstruction Tool

Decision Group
Introduction to Forensics Investigation Toolkit
Offline Raw Data Files (PCAP) Decoding and Layer 7 Reconstruction Tool
Trial Available
Solution for:
 Internet or Network Traffic Analysis (Network Administrator)
 Auditing of Internet or Network Traffic (CISO and Auditor)
 Network Forensics Analysis and Investigation (Government and LEA)
Forensics Investigation Toolkit (FIT) is a Windows-based application software suitable for all users to analyze and investigate the content of Internet as well as network raw data files.

        Operation on platforms of:

Forensics Investigation Toolkit Application Working with

Set up a batch file to make pcap files from Wireshark

Making_pcap.bat:

    rem Capture on interface 1 into a rotating set of pcap files
    cd "\Program Files\Wireshark"
    dumpcap -i 1 -s 128 -b files:100 -b filesize:2000000 -w "c:\my document\pcap file\fit_raw_data01.pcap"

dumpcap command
    i – NIC interface
    s – packet size (Kbyte)
    b – output pcap file style
      • files – pcap file number
      • filesize – pcap file size
    w – output pcap file name
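
Layer 7 reconstruction needs whole payloads, and any frame longer than the capture's snapshot length (the value set with dumpcap's s option and recorded in the pcap header in bytes) is stored cut short. The Python check below is an added example, not part of the original slides or of FIT: it reads a classic pcap file's header and record lengths and reports how many frames were truncated. The function names are hypothetical and the sample capture is constructed in build_sample.

```python
import struct

# Magic bytes of classic pcap files -> struct byte-order prefix
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def audit_pcap(data: bytes) -> dict:
    """Report the snapshot length and how many frames were stored truncated."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        raise ValueError("pcapng file; this check reads classic pcap only")
    order = PCAP_MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a pcap file")
    # Global header is 24 bytes; snaplen and link type are its last two fields
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    frames = truncated = lost = 0
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, length on the wire
        incl_len, orig_len = struct.unpack(order + "II", data[off + 8:off + 16])
        if off + 16 + incl_len > len(data):
            break  # file ends mid-record (capture still being written, or damaged)
        frames += 1
        if incl_len < orig_len:
            truncated += 1
            lost += orig_len - incl_len
        off += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "frames": frames,
            "truncated": truncated, "bytes_lost": lost,
            "complete": truncated == 0 and off == len(data)}

def build_sample(snaplen: int, wire_lengths) -> bytes:
    """Constructed capture: zero-filled frames of the given sizes, cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, n in enumerate(wire_lengths):
        kept = min(n, snaplen)
        out += struct.pack("<IIII", 1700000000 + i, 0, kept, n) + bytes(kept)
    return out

if __name__ == "__main__":
    for snap in (128, 262144):
        print(snap, audit_pcap(build_sample(snap, [60, 590, 1514])))
```

A capture whose report shows complete as False has lost payload bytes or ends mid-record, so reconstructed content from it will be partial.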
The Best Layer 7 Reconstruction Tool with Wireshark!
Internet Protocols Supported
 Email, Webmail
 HTTP (Link, Content, Download, Video FLV)
 IM/Chat (Yahoo, QQ, IRC, Google Talk etc.)
 File Transfer: FTP, P2P
 Others: Online Games, Telnet, VoIP etc.
Sample: Email (POP3, SMTP and IMAP)
Sample: Webmail – Yahoo Mail, Gmail, Hotmail etc…
Sample: IM – Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…
Sample: File Transfer – FTP Upload/Download
Sample: File Transfer – P2P File Sharing
Sample: HTTP (Content)
Sample: HTTP Upload/Download
Sample: HTTP Video Streaming (FLV Format)
Sample: HTTP Request
Full Text Search – Content Search

    Full Text Search – Search by Key Words
         What you can do with FIT
With the Forensics Investigation Toolkit, you can identify:
     Total network throughput
     Application(s) occupying the most bandwidth
     Network user(s) consuming the most bandwidth
     Network performance with online services
     Packets that slow down the network
     Content that is involved in business conduct
     Patterns that are compliant with IT governance
     Location of the target user
     … etc
References – Implementation Sites and Customers
    Criminal Investigation Bureau
    The Bureau of Investigation Ministry of Justice
    National Security Agency (Bureau) in various countries
    Intelligence Agency in various countries
    Ministry of Defense in various countries
    Counter/Anti Terrorism Department
    National Police, Royal Police in various countries
    Government Ministries in various countries
    Federal Investigation Bureau in various countries
    Telco/Internet Service Provider in various countries
    Banking and Finance organizations in various countries
    Others
     Note: Due to the confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.