Lawful Interception & Packet Forensics Analysis System Casper Kan Chang Decision Group June 2010.

2 IP Packet Capture Way
There are 3 types of IP packet capture ways, based on application and industry standard:
– Packet captured from IP network: for IP network infrastructure in enterprises, ISPs, IDCs and LTE/WiMAX operators
– IP packet from Telco switch: 1. traditional switch through a Mediation Platform; 2. for IMS and all-IP networks, IP packets can be captured through the service broker of the application layer or directly from the IP core switch of the media and end-point layer of the IMS system
– From Cable TV

3 IP Packet Capture Way – Sniffer
All data packets on Ethernet are broadcast on the network, i.e., all physical signals flow to the network interface card of the appliance. The NIC can be put into promiscuous mode, so it receives all data regardless of the destination MAC address. This is what a sniffer is basically all about. Deployments: Enterprise, ISP, IDC, LTE/WiMAX (E-Detective).

4 Lawful Interception – Can we get that evidence?
For example, email: sender email address, receiver email address, time and date, content, location, and more.

5 Sample: Email (POP3, SMTP and IMAP)

6 Sample: IM – Yahoo, MSN, ICQ, IRC, QQ, GTalk etc.

7 What Lawful Interception Needs Now
Network packet capture and reconstruction for: Ethernet, Wireless 802.11a/b/g/n, VoIP, HTTPS/SSL, off-line analysis; plus training and support.

8 E-Detective – Mirror Mode Implementation Organization or Corporate Network Deployment

9 Wireless-Detective – Implementation Diagram (1): WLAN Lawful Interception – Standalone Architecture
Wireless-Detective Standalone System: captures WLAN packets transmitted over the air, ranging up to 100 meters or more (by using an enhanced system with a high-gain antenna).
Wireless-Detective Deployment: capture a single channel, a single AP or a single STA.

10 Wireless-Detective – WPA-PSK Cracking Solution
WPA handshake packets need to be captured for cracking the WPA key. Utilize a single server or distributed servers (multiple smart password list attacks simultaneously) to crack the WPA key. Acceleration technology: GPU acceleration.
Note: WPA handshake packets can be captured by a standalone Wireless-Detective system or by distributed Wireless-Detective systems.

11 EDDC Offline Forensics Product
Offline raw data (PCAP) decoding and reconstruction system. Comes with user and case management features.
Workflow diagram: Investigator 1 collects and imports raw data for Case 1; Investigator 2 collects and imports raw data for Case 2; the system decodes and reconstructs the various Internet protocols and services and produces the Case 1 results and Case 2 results.
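As an added example for the offline PCAP decoding and reconstruction described on this slide (and for the promiscuous-mode capture on slide 3, whose output is exactly such a PCAP), and not Decision Group's E-Detective or EDDC code: a small Python decoder for the classic libpcap file format that walks Ethernet/IPv4/TCP headers, reassembles one TCP direction by sequence number, and pulls the email evidence fields listed on slide 4 (sender, receiver, date, subject) out of an SMTP session. Every function name, IP address, MAC address and the SMTP session itself is constructed for the example, so it runs offline.

```python
"""Offline PCAP decoding and SMTP evidence reconstruction (constructed example)."""
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")
IP_PROTO_TCP = 6


def build_pcap(records):
    """Serialise (ts_sec, ts_usec, frame) tuples as a little-endian classic pcap file."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for ts_sec, ts_usec, frame in records:
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, payload):
    """Ethernet + IPv4 + TCP frame carrying payload (checksums left zero; decoder ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IP_PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = ETH_HDR.pack(b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb", 0x0800)
    return eth + ip + tcp


def read_pcap(data):
    """Yield (timestamp, frame) from pcap bytes; both magic byte orders are accepted."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) or None for non-IPv4/TCP frames."""
    if len(frame) < 14 or ETH_HDR.unpack(frame[:14])[2] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IP_PROTO_TCP or len(ip) < total_len:  # skip non-TCP and truncated packets
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]                            # trailing Ethernet padding dropped
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[data_off:]


def reassemble_streams(pcap_bytes):
    """Group payloads per unidirectional flow, ordered by sequence number.
    Out-of-order and duplicated segments are tolerated; gaps are simply concatenated."""
    flows = defaultdict(dict)  # flow -> {seq: payload}
    for _, frame in read_pcap(pcap_bytes):
        dec = decode_tcp(frame)
        if dec and dec[5]:
            src, sport, dst, dport, seq, payload = dec
            flows[(src, sport, dst, dport)].setdefault(seq, payload)
    return {flow: b"".join(segs[s] for s in sorted(segs)) for flow, segs in flows.items()}


def extract_smtp_evidence(stream):
    """Pull sender, recipients, date and subject from a client->server SMTP stream."""
    text, ev = stream.decode("ascii", errors="replace"), {}
    for line in text.split("\r\n"):
        if line.upper().startswith("MAIL FROM:"):
            ev["sender"] = line.split(":", 1)[1].strip().strip("<>")
        elif line.upper().startswith("RCPT TO:"):
            ev.setdefault("recipients", []).append(line.split(":", 1)[1].strip().strip("<>"))
    if "\r\nDATA\r\n" in text:
        headers = text.split("\r\nDATA\r\n", 1)[1].split("\r\n\r\n", 1)[0]
        for name, _, value in (h.partition(":") for h in headers.split("\r\n")):
            if name.lower() in ("date", "subject"):
                ev[name.lower()] = value.strip()
    return ev


def analyse(pcap_bytes):
    """Evidence per SMTP (port 25) flow found in the capture."""
    return {f: extract_smtp_evidence(d) for f, d in reassemble_streams(pcap_bytes).items() if f[3] == 25}


def build_sample_pcap():
    """Constructed SMTP session, delivered out of order with one duplicate segment."""
    payloads = [b"MAIL FROM:<alice@example.test>\r\n", b"RCPT TO:<bob@example.test>\r\n", b"DATA\r\n",
                b"From: alice@example.test\r\nTo: bob@example.test\r\n"
                b"Date: Tue, 15 Jun 2010 10:00:00 +0800\r\nSubject: meeting\r\n\r\nSee you at 3.\r\n.\r\n"]
    seq, segs = 1000, []
    for p in payloads:
        segs.append((seq, p))
        seq += len(p)
    order = [segs[1], segs[0], segs[3], segs[2], segs[1]]
    return build_pcap([(1276567200 + i, 0, build_tcp_segment("10.0.0.5", "10.0.0.25", 40000, 25, s, p))
                       for i, (s, p) in enumerate(order)])


if __name__ == "__main__":
    for flow, evidence in analyse(build_sample_pcap()).items():
        print(flow, evidence)
```

The reassembly keys on sequence numbers rather than arrival order, which is what makes the decoder robust to the reordering and retransmissions a mirror-port capture routinely contains; a real forensic tool would additionally track the server-to-client direction, handle TCP retransmissions with overlapping data and verify checksums before treating a segment as evidence.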

12 HTTPS/SSL MITM Interception System Intercept and reconstruct HTTPS/SSL traffic. Obtain HTTPS page login username and password. Intercept on specific targets (suspects)


14 Software Architecture

15 More than 140 Internet Protocols Supported
– IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
– Email, Webmail
– HTTP (link, content, reconstruct, upload/download)
– File Transfer (FTP, P2P)
– VoIP
– Others (online games, Telnet etc.)

16 Data Captured through Traditional Telco Switch
From the LI port of the soft switch/TDM, signals are captured by the ETSI/CALEA standard, passed through the mediation platform and converted for further analysis through the Handover Interface (HI) before reaching EDDC for further packet analysis.
Diagram labels – Telco side: user, router/IAD, edge router, SBC, target edge router, gateway server, TDM, RTP stream; internal interfaces INI-1 (provisioning), INI-2 (IRI), INI-3 (call content), control information. Mediation: HI-1 (provisioning), HI-2 (IRI), HI-3 (content). LEA side: EDDC (analysis), user.

17 Data Packet Captured through Telco IP Switch (IMS)
E-Detective directly captures IP data packets (IP packet/SIP) from either the application or the media layer of IMS/all-IP networks, so it is not necessary to pass through a mediation platform. It is predicted that this will be the future trend for all Telco operators.
Diagram labels – Telco side: user, router/IAD, edge router, target edge router, core switch (media layer), SGIM (application layer), CMS (session layer), E-Detective. LEA side: EDDC (analysis), user.

18 Data Packet Captured through Cable TV
Diagram labels: user loop (STB, cable modem CM, NIU, computer, TV, telephone), analog fiber optic node, CMTS (50~1000 MHz, 5~42 MHz), Cable TV broadcasting, Internet, mediation, E-Detective.

19 Technology Transfer Program
To help ETRI enhance its capability in LI application research.
Target – E-Detective, Wireless-Detective
Scope – source codes, on-site training, on-site assistance for software development
Reasonable fee

20 Contact Information
Casper Chang Kan / CEO – chang_kan@decision.com.tw
Ted Chao / Product Manager – ted@decision.com.tw
Address: 4/F No. 31, Alley 4, Lane 36, Sec. 5, Ming-Shan East Road, Taipei, Taiwan, R.O.C.
Phone No: +886 2 2766 5753
Fax No: +886 2 2766 5702
URL: www.edecision4u.com
