Network Forensics and Lawful Interception Total Solutions Provider

Slides: 15
Provided by: Windo273
1
Network Forensics and Lawful Interception Total
Solutions Provider
2
E-Detective
LAN Internet Monitoring Forensics Analysis
System
  • Solution for
  • Auditing and Record Keeping with ISO 27001, SOX,
    HIPAA, etc.
  • Internet Monitoring/Network Behavior Recording
  • Forensics Analysis and Investigation for LEA

Most Advanced Device for Data Leakage Protection,
Lawful Interception and Network Forensic
3
Wireless-Detective
WLAN Analytics/Forensics/Legal Interception
System
  • Supports Wireless LAN 802.11a/b/g/n Scanning and
    Packet Capturing
  • Automatic WEP Key Cracking (WPA Optional
    Module)
  • Decode and Reconstruct WLAN packets
  • Capture/Decode/Display are All-in-One

Important Tool for Lawful Enforcement Agencies
such as Police, Military, Forensics, and
Enterprise Auditing and Legal Department.
The Powerful Smallest Forensic Device in The
World
4
E-Detective / Lawful Enforcement Management
Facility
  • Major Functions
  • As a lawful interception system for parsing pcap
    file format or raw packet data stream from
    frontend mediation platforms or broadband service
    routers
  • Decoding all data packets associated with
    protocol based on service port number and session
  • Saving un-decoded data into specified directory
    in pcap format
  • Output decoded data into database and associated
    multimedia files with XML description files in
    predefined way
  • Compliance with ETSI TS 101 671 and ETSI ES 201
    671

High Performance Passive LI Platform compliance
with ETSI Standard
5
Large Volume Data Manipulation and Centralized
Data Processing with 3rd Party Analysis System
Data Retention Management System
  • Data Retention Management System (DRMS) is
    designed for viewing Backup ISO Data centrally
    from multiple E-Detective Systems.
  • Provides a User Friendly GUI. Easy to import
    (mount ISO) and view the Backup Content
    especially for large amount of Backup ISO Files.
  • Capable to mount and view multiple Backup ISO
    Files at the same time.
  • Works with E-Detective system for Auto FTP Backup
    function. Allow Auto Backup ISO File in
    E-Detective to be stored in Backup Server.
  • Search and Advance Search functions provided to
    search into Backup ISO Content or specific Backup
    ISO Content.
  • Easy Management of Backup ISO Files.
  • Integration with 3rd party data mining or link
    analysis system

6
E-Detective Decoding Centre
  • Designed for Off-line Packet Reconstruction
  • Multi-Users and Case Base Management
  • Administrator can create different project/case
    for different user/investigator to conduct
    Internet raw data parser and forensics analysis
    task on the system
  • Various Content of Internet Applications Decoding
  • Email (POP3, SMTP, IMAP), Webmail (Yahoo Mail,
    Gmail, Hotmail etc.) IM (Yahoo, MSN, ICQ, QQ, UT,
    IRC, Google Talk, Skype Voice Call Log), File
    Transfer (FTP, P2P), HTTP (Link, Content,
    Reconstruct, Upload/Download, Video Stream),
    Telnet, Online Games, VoIP, Webcam (Yahoo, MSN)

Cutting-edge Offline Decoding Device
7
HTTPS/SSL Interceptor
  • Decrypting HTTPS/SSL Traffic
  • Operation Modes
  • Network Crack and Redirect - Man in the Middle
    Attack
  • HTTP/HTTPS Proxy
  • Certificate Replacement by Customization
    (optional)

To view encrypted content, a key is needed
The Powerful HTTPS/SSL Cracker for Network
Interception
8
VoIP-Detective
User may opt to purchase the complete Appliance
(Hardware and Software) or only purchase Software
from us. User may use their own dedicated server
for installing the software.
  • Capable to intercept and capture (through Mirror
    Mode or Tap Deployment), decode and reconstruct
    VoIP RTP sessions.
  • Supports voice calls of SIP and H.323.
  • Supported CODECS: G.711-a law, G.711-u law,
    G.729, G.726 and ILBC.
  • Capable to play back the reconstructed VoIP
    sessions.

The Appliance for VoIP Cracking System
9
Forensics Investigation Toolkit
Offline Raw Data Files (PCAP) Decoding and
Reconstruction Tool
  • Solution for
  • Internet or Network Traffic Content Analysis
    (Network Administrator)
  • Auditing of Internet or Network Traffics
    (Network Administrator)
  • Network Forensics Analysis and Investigation
    (Government and LEA)

Forensics Investigation Toolkit (FIT) is a
Windows based Application Software suitable for
all group of users to analyze and forensically
investigate on the content of Internet/network
raw data files captured.
The Powerful Forensic Analysis Tool on Windows
System
10
Network Investigation Toolkit
  • What are the capabilities of NIT?
  • Interception of Ethernet LAN traffic through
    mirror port (or by network tap).
  • Interception of WLAN traffic (up to 4 different
    WLAN channels).
  • Interception of Ethernet LAN HTTPS/SSL traffic
    by MITM attack.
  • Interception of WLAN HTTPS/SSL traffic by MITM
    attack.
  • Real-time raw data decoding and reconstruction.
  • Offline raw data decoding and reconstruction.
  • Forensics analysis and investigation.

Solution for Lawful Enforcement Agencies (Police
Intelligence, Military Intelligence, National
Security, Counter Terrorism, Cyber Security,
Defense Ministry, etc.)
Combine ED, WD and EDDC into one portable
system for field LEA agents
11
Network Packet Forensic Analysis Training
12
Cyber Crime Investigation Training
  • Introduction to Cyber Crime Investigation
    Training
  • Courses include
  • Cyber Crime with VoIP and Telecom
  • Cyber Crime with Internet Services 
  • Legal Processes with Cyber Crime Investigation
  • Methodology of Data Analysis for Cyber Crime
    Investigation
  • Weakness of Common IT Systems
  • Workshop on Drills
  • To fight the cyber crime rampaging across the
    world effectively, you need to understand the
    nature of cyber crime and the legal procedure,
    and learn the lessons of real cases from
    experienced investigators and experts.
  • In this course, experienced speakers will
    introduce common cyber-criminal skills, how to
    conduct an investigation, and digital data
    analysis with practical case studies.

13
More Than 180 Internet Application Decoders
  • Generic E-Mail: POP3, IMAP, SMTP
  • Webmail: GMail, Yahoo, Hotmail, more than 21 webmail
  • Instant Message: MSN, GoogleTalk, ICQ, more than 8 IM
  • Web Page: Web Link, Content and Request
  • Web FTP: Upload/Download
  • Web Video: YouTube, GoogleVideo
  • File Transfer: FTP, P2P, more than 20 services
  • Telnet BBS: Playback is available
  • Asia On-Line Game: More than 81 games
  • VoIP: SIP, H.323 (G.711, G.729, ILBC)
  • Social Network Service: Facebook, Twitter, Plurk
  • Mobile online applications: iPhone, Android
14
About Decision Group
  • Established in 1986 with 25 years of experience in
    the IT industry.
  • Strong R&D Capability: 54 Software and Hardware
    engineers with 5 PhDs and 10 Master's Degrees
  • Offices: Taiwan, Singapore, China, Canada,
    Germany, Japan, Zimbabwe, Hong Kong
  • Address: 4/F No. 31, Alley 4, Lane 36, Sec.5,
    Ming-Shen East Road Taipei, Taiwan, R.O.C.
  • Phone No: 886 2 2766 5753
    Fax No: 886 2 2766 5702
  • E-Mail: decision_at_decision.com.tw
    URL: www.edecision4u.com