Lawful Interception & Packet Forensics Analysis System Casper Kan Chang Decision Group June 2010.

Presentation transcript:


IP Packet Capture Ways
There are 3 types of IP packet capture, based on application and industry standard:
- Packets captured from the IP network: for IP network infrastructure in enterprises, ISPs, IDCs and LTE/WiMAX operators.
- IP packets from the Telco switch:
  1. Traditional switch, through a mediation platform.
  2. For IMS and all-IP networks, IP packets can be captured through the service broker of the application layer, or directly from the IP core switch of the media and end-point layer of the IMS system.
  3. From Cable TV.

IP Packet Capture Way – Sniffer
All data packets on Ethernet are broadcast in the network, i.e., all physical signals flow to the network interface card of the appliance. The NIC can be put into promiscuous mode so that it receives all data regardless of the destination MAC address. This is the basic principle of a sniffer.
(Diagram labels: Enterprise, ISP, IDC, LTE/WiMAX; E-Detective)

Lawful Interception – what evidence can be obtained? For example: sender address, receiver address, time and date, content, location, and more.

Sample: (POP3, SMTP and IMAP)

Sample: IM – Yahoo, MSN, ICQ, IRC, QQ, GTalk etc.

What Lawful Interception Needs Now:
- Network packet capture and reconstruction
- Ethernet
- Wireless a/b/g/n
- VoIP
- HTTPS/SSL
- Off-line
- Training & support

E-Detective – Mirror Mode Implementation Organization or Corporate Network Deployment

Wireless-Detective – Implementation Diagram (1): WLAN Lawful Interception – Standalone Architecture
Wireless-Detective Standalone System: captures WLAN packets transmitted over the air at ranges up to 100 meters or more (by using an enhanced system with a high-gain antenna).
Wireless-Detective Deployment: captures a single channel, a single AP or a single STA.

Wireless-Detective – WPA-PSK Cracking Solution
WPA handshake packets need to be captured in order to crack the WPA key. A single server or distributed servers (running multiple smart password-list attacks simultaneously) are used to crack the WPA key. Acceleration technology: GPU acceleration. Note: WPA handshake packets can be captured by a standalone Wireless-Detective system or by distributed Wireless-Detective systems.

EDDC Offline Forensics Product
Offline raw data (PCAP) decoding and reconstruction system. Comes with user and case management features.
(Workflow diagram: Investigator 1 collects and imports raw data for Case 1; Investigator 2 collects and imports raw data for Case 2; EDDC decodes and reconstructs various Internet protocols and services; Case 1 results and Case 2 results are produced.)
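As an added illustration (not Decision Group's code), the following Python parses the classic libpcap file format that an offline PCAP decoding system takes as input and reduces each IPv4 frame to a (src, dst, proto, sport, dport) tuple, which is the first triage step before protocol reconstruction; the capture bytes are constructed inline as sample data, not a real capture.

```python
import struct
from collections import Counter

# Classic libpcap format: 24-byte global header, then a 16-byte record
# header (ts_sec, ts_usec, incl_len, orig_len) before every frame.
MAGIC_LE, LINKTYPE_ETHERNET = 0xa1b2c3d4, 1

def parse_pcap(data: bytes):
    """Yield (src_ip, dst_ip, proto, sport, dport) for each IPv4 frame."""
    end = {MAGIC_LE: "<", 0xd4c3b2a1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break                      # truncated file: stop instead of misparsing
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # not an IPv4 frame (or too short to hold one)
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        sport = dport = None
        if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP or UDP: ports follow the IP header
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield src, dst, proto, sport, dport

def build_sample_pcap() -> bytes:
    """Construct a two-frame pcap in memory (sample data, not a real capture)."""
    def frame(src, dst, proto, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
    frames = [frame("10.0.0.5", "192.0.2.10", 6, 51000, 110),    # TCP to POP3
              frame("10.0.0.5", "192.0.2.20", 17, 40000, 5060)]  # UDP to SIP
    out = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1277000000 + i, 0, len(f), len(f)) + f
    return out

def port_summary(data: bytes) -> dict:
    """Count frames by (proto, dst_port): the first triage step before reconstruction."""
    return dict(Counter((p[2], p[4]) for p in parse_pcap(data)))
```

A real reconstruction tool would go on to reassemble TCP streams per 5-tuple and hand each to the matching protocol decoder (POP3, SIP, HTTP, and so on).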

HTTPS/SSL MITM Interception System
- Intercepts and reconstructs HTTPS/SSL traffic.
- Obtains the HTTPS page login username and password.
- Intercepts specific targets (suspects).

Software Architecture

More than 140 Internet protocols supported:
- IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
- Webmail
- HTTP (link, content, reconstruction, upload/download)
- File transfer (FTP, P2P)
- VoIP
- Others (online games, Telnet etc.)

Data Captured through Traditional Telco Switch
From the LI port of the soft switch/TDM, signals are captured according to the ETSI/CALEA standard. The data passes through the mediation platform and is converted for further analysis via the Handover Interface (HI) before reaching EDDC for further packet analysis.
(Diagram labels: Telco side – User, Router/IAD, Edge Router, Target, SBC, TDM, RTP stream, gateway server, INI-1 Provisioning, INI-2 IRI, INI-3 Call Content, control information; Mediation; LEA side – HI-1 Provisioning, HI-2 IRI, HI-3 Content, EDDC analysis.)

Data Packet Captured through Telco IP Switch (IMS)
E-Detective directly captures IP data packets from either the application or the media layer of IMS/all-IP networks, so it is not necessary to pass through a mediation platform. It is predicted that this will be the future trend for all Telco operators.
(Diagram labels: Telco side – User, Router/IAD, Edge Router, Target, Core Switch, CMS (session layer), SGIM (application layer), media layer, IP packet/SIP; LEA side – E-Detective, EDDC analysis.)

Data Packet Captured through Cable TV
(Diagram labels: user loop – STB, CM, TV, telephone, Internet computer, NIU; CMTS; analog fiber optic node; 50~1000 MHz downstream, 5~42 MHz upstream; Cable TV broadcasting; Mediation; E-Detective.)

Technology Transfer Program
To help ETRI enhance its capability in LI application research.
Target:
- E-Detective
- Wireless-Detective
Scope:
- Source code
- On-site training
- On-site assistance for software development
Reasonable fee.

Contact Information
Casper Chang Kan / CEO
Ted Chao / Product Manager
Address: 4/F No. 31, Alley 4, Lane 36, Sec. 5, Ming-Shan East Road, Taipei, Taiwan, R.O.C.
Phone No:
Fax No:
URL: