Title: E-Detective Series of Products
1 E-Detective Series of Products
Decision Computer Group of Companies
Website: www.edecision4u.com  Email: frankie_at_decision.com.tw
2 Agenda
- Introduction to E-Detective Series of Products
- E-Detective
- Wireless-Detective
- E-Detective Decoding Center (EDDC/XDDC)
- HTTPS/SSL Network Forensics Device
- WatchGuard.WLAN
- VOIP Interception
- Uniqueness of Decision Computer Group
- References
- Other Offerings
3 E-Detective (LAN Internet Monitoring/Interception System)
4 E-Detective
Compliance solution for Sarbanes-Oxley Act (SOX), HIPAA, GLBA, SEC, NASD, E-Discovery etc.
E-Detective Architecture/Work Flow (diagram)
E-Detective Standard System Models and Series: FX-100, FX-120, FX-30, FX-06
5 E-Detective Implementation Diagram (1)
Organization Internet Monitoring and Interception System
6 E-Detective Implementation Diagram (2)
Telco and ISP Internet Lawful Interception (LI) Solution
Real-Time/Online Decoding and Reconstruction
Offline Decoding and Reconstruction
Nationwide Internet Monitoring for Protecting National Security
7 Decoding and Reconstruction Protocols Supported
1. Email
   - POP3, SMTP, IMAP
2. Webmail (Read and Sent)
   - Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc.
3. IM/Chat
   - Windows Live Messenger (MSN), Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration
4. File Transfer
   - FTP
   - P2P: BitTorrent, eMule/eDonkey, Gnutella, FastTrack
5. HTTP
   - Link, Content, Reconstruct, Upload/Download, Video Stream
6. Online Game
   - MapleStory, RO, KartRider, FairyLand, Hero, WonderLand etc.
7. Telnet/BBS
8. VOIP
   - Yahoo Messenger, reconstructed back to GIPS format
9. Webcam
   - Yahoo and MSN Messenger
8 E-Detective Homepage Dashboard with Reports
9 E-Detective Sample Email POP3/SMTP/IMAP
10 E-Detective Sample Web Mail (Read)
Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
11 E-Detective Sample Web Mail (Sent)
Webmail: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail, Hinet etc.
12 E-Detective Sample IM/Chat: MSN, Yahoo etc.
13 E-Detective Sample File Transfer - FTP
14 E-Detective Sample File Transfer P2P
P2P protocols: BitTorrent, eDonkey/eMule, FastTrack etc.
15 E-Detective Sample HTTP Link/Content/Reconstruct
The Whois function resolves the actual URL link to its IP address.
HTTP web page content can be reconstructed.
16 E-Detective Sample HTTP Video Stream
Playback of the video file.
Video stream (FLV format): YouTube, Google Video, Metacafe.
17 E-Detective Sample TELNET
Playback of Telnet Session
18 E-Detective Authority Assignment
Authority visibility and operation in group (user defined)
Authority - Visibility
Authority - Operation
Authority groups with users
19 E-Detective Backup Auto-FTP/Manual
Auto-FTP backup
Manual backup: download an ISO or burn to CD/DVD
Reserved raw data files and backed-up reconstructed data come with a hashed export function.
20 E-Detective Online IP List with IP/Account Report
21 E-Detective Alert: Alert with Content
Alerts are configured from different service categories and different parameters such as keyword, account, IP etc.
Alerts can be sent to the Administrator by Email, or by SMS if an SMS Gateway is available.
22 E-Detective Search
Search: Free Text Search, Conditional Search, Similar Search and Association Search
Conditional Search
Free Text Search
Association Search
23 Wireless-Detective (WLAN/802.11a/b/g Interception System)
24 Wireless-Detective - Introduction
Wireless-Detective System: WLAN Analytics/Forensics/Legal Interception System
- Scans all WLAN 802.11a/b/g 2.4 and 5.0 GHz channels for AP and STA
- Captures/sniffs WLAN 802.11a/b/g packets
- Decrypts WEP key (WPA Optional Module)
- Decodes and reconstructs WLAN packets
- Stores data in raw and reconstructed content
- Displays reconstructed content in Web GUI
- Hashed export and archive
Smallest and most complete WLAN Interception System in the World!
All in One System!
Important tool for intelligence agencies such as Police, Military, Forensics, Legal and Lawful Interception Agencies.
25 Wireless-Detective Implementation Diagram (1)
Wireless-Detective Standalone System - captures WLAN packets transmitted over the air at ranges up to 100 meters or more (by using the Enhanced System with High Gain Antenna)
WLAN Interception Standalone Architecture Deployment (capture a single channel, a single AP or a single STA)
26 Wireless-Detective Implementation Diagram (2)
Wireless-Detective Extreme System - utilizes multiple/distributed Wireless-Detective systems (Master/Slave) to conduct simultaneous capture, forbidding and location estimation functions.
WLAN Interception Distributed Architecture Deployment (utilizing a minimum of 2 systems (Master/Slaves) for simultaneous capturing/forbidding functions; capture a single channel, a single AP or a single STA)
Note: For capturing multiple channels, each Wireless-Detective (WD) can be reconfigured to act as a standalone system. For example, deploy 4 WD systems with each capturing on one single channel.
27 Wireless-Detective Implementation Diagram (3)
Wireless-Detective Standalone Systems Multiple Channels Capturing - utilizing more than 1 Wireless-Detective to capture different channels.
WLAN Interception Standalone Multiple Channels Capturing: single WD for single channel capturing; multiple WD for multiple channel capturing.
Note: The advantage of having multiple WD systems is the flexibility to deploy a distributed architecture (for capturing a single channel/target) or to split them into standalone system deployments for multiple channels capturing.
28 Wireless-Detective AP/STA Information: Capture Mode
Displays information on wireless devices (AP/STA) in the surrounding area.
29 Wireless-Detective AP/STA Information: Forbidder Mode
Displays information on wireless devices (AP/STA) in the surrounding area.
30 Wireless-Detective Forbidder Mode Implementation
- WLAN Jammer/Forbidder Implementation
- Forbid connectivity of STA
- Forbid connectivity of AP
31 Cracking/Decryption of WEP/WPA Key (1)
WEP key cracking/decryption can be done by the Wireless-Detective System!
Auto Cracking (system default) or Manual Cracking
1) WEP Key Cracking/Decryption (64, 128, 256 bit key): Proactive Crack and Passive Crack
- Proactive/Active Crack: by utilizing ARP Injection
- Passive Crack: silently collecting Wireless LAN packets
- 64-bit key (10 HEX): 100-300 MB raw data / 100K-300K IVs collected
- 128-bit key (26 HEX): 150-500 MB raw data / 150K-500K IVs collected
2) WPA Key Cracking/Decryption (Optional Module Available): WPA-PSK cracking is an optional module. By using an external server with Smart Password List and GPU acceleration technology, the WPA-PSK key can be recovered/cracked.
Notes: The time taken to decrypt the WEP key in passive mode depends on the amount of network activity. The time to crack the WPA-PSK key depends on the length and complexity of the key. Besides, it is compulsory to have the WPA-PSK handshake packets captured.
32 Cracking/Decryption of WEP Key (2)
Automatic: system auto cracks/decrypts WEP key (default)
Manual: capture raw data and crack/decrypt WEP key manually
Cracking Manually
33 Cracking/Decryption of WEP Key (3)
WEP Key Cracked!
34 Wireless-Detective WPA Cracking Solution
WPA-PSK Cracking Solution: WPA handshake packets need to be captured for cracking the WPA key. Utilize a single server or distributed servers (multiple smart password list attacks simultaneously) to crack the WPA key. Acceleration technology: GPU Acceleration
Note: WPA handshake packets can be captured by a standalone Wireless-Detective system or distributed Wireless-Detective systems.
35 Cracking/Decryption of WPA-PSK Key
WPA/WPA2-PSK cracking module is optional (dedicated server).
Application: utilizing Smart Password List attack and GPU technology (graphic cards) to recover or crack the WPA/WPA2-PSK key.
Supported: WPA-PSK (TKIP) and WPA2-PSK (AES).
Speed: up to 30 times faster than a normal CPU.
GPU supported: NVIDIA and ATI
36 Decoding and Reconstruction Protocols Supported
1. Email
   - POP3, SMTP, IMAP
2. Webmail (Read and Sent)
   - Yahoo Mail (Standard and Beta/2.0), Windows Live Hotmail, Gmail, Giga Mail etc.
3. IM/Chat
   - Windows Live Messenger (MSN), Yahoo, ICQ, AOL, QQ, Google Talk, IRC, UT Chat Room, Skype call session/duration
4. File Transfer
   - FTP
   - P2P: BitTorrent, eMule/eDonkey, Gnutella, FastTrack
5. HTTP
   - Link, Content, Reconstruct, Upload/Download, Video Stream
6. Online Game
   - MapleStory, RO, KartRider, FairyLand, Hero, WonderLand etc.
7. Telnet/BBS
8. VOIP
   - Yahoo Messenger, reconstructed back to GIPS format
9. Webcam
   - Yahoo and MSN Messenger
37 Wireless-Detective GUI Sample Email POP3
Date/Time, From, To, CC, Subject, Account, Password
38 Wireless-Detective GUI Sample Web Mail (Read)
Date/Time, Content, Web Mail Type
39 Wireless-Detective Sample Web Mail (Sent)
Date/Time, From, To, CC, BCC, Subject, Webmail Type
40 Wireless-Detective Sample IM/Chat MSN
Date/Time, User Handle, Participant, Conversation, Count
41 Wireless-Detective Sample IM/Chat Yahoo
Date/Time, Screen Name, Participant, Conversation, Count
Including VOIP and webcam session reconstruction and playback
42 Wireless-Detective Sample File Transfer - FTP
Date/Time, Account, Password, Action, FTP Server IP, File Name
43 Wireless-Detective Sample Peer to Peer P2P
Date/Time, Port, Peer Port, Tool, File Name, Action, Hash
44 Wireless-Detective Sample Telnet
Date/Time, Account, Password, Server IP, File Name
Playback of TELNET Session
45 Wireless-Detective Sample HTTP Link/Content/Reconstruct
Date/Time, URL
Reconstructed Web Pages
46 Wireless-Detective Sample HTTP Upload/Download
Date/Time, Action, File Name, HTTP Download/Upload URL, Size
47 Wireless-Detective Sample Online Games
Date/Time, MAC Address, Port, Peer Port, Game Name
48 Wireless-Detective Search Conditional/Free Text
Search by Parameters/Conditions
Free Text Search
49 Wireless-Detective Alert and Notification by Condition
Alert Administrator by Parameters/Conditions
50 Wireless-Detective Wireless Equipment Locator
Utilizes wireless sensors and triangulation training methods to estimate the location of the targeted wireless devices. Requires 1 WD Master system and a minimum of 3 WD Slave systems (sensors).
Note: WatchGuard.WLAN can be used in place of WD slave systems for this Wireless Equipment Locator function.
51 Wireless-Detective - Advantages/Benefits
- Smallest, portable, mobile and lightweight WLAN legal interception system. This allows easy tracking and capturing of a suspect's Internet activities, especially when the suspect moves from one place to another. The suspect won't notice the WD's existence as it looks like a normal laptop.
- Detects unauthorized WLAN access/intruders (IDS).
- Provides detailed information on APs, wireless routers and wireless stations (such as channel, Mbps, security (encryption), IP, signal strength, manufacturer, MAC).
- Provides capturing of WLAN packets from a single channel, AP or STA, or from multiple channels by deploying distributed/multiple systems. This also means flexibility and scalability of the deployment solution.
- Provides decryption of the wireless key: WEP key (WPA cracking is an optional module).
- Provides decoding and reconstruction of different Internet services/protocols on the fly; reconstructed data is displayed in its original content format on the local system Web GUI.
- Supports reserving of captured raw data (for further analysis if required) and archiving of reconstructed data with hashed export functions.
- Supports condition/parameter search and free text search.
- Supports alert by condition/parameter.
- Provides wireless forbidding/jamming function.
- Provides Wireless Equipment Locator function.
- The All-in-One Portable WLAN Interception System
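Slide 19's hashed export function and the "hashed export" points in the Wireless-Detective slides above both refer to integrity hashes over archived evidence: the value of such an export is that anyone holding the archive later can prove it has not been altered. The Python below is an added example and not code from Decision Computer Group's products. It writes a SHA-256 manifest over an export directory and re-verifies it, reporting modified, missing and unlisted files; the directory layout, the file names and the manifest name MANIFEST.sha256.json are all constructed for illustration.

```python
# Added example (not Decision Computer Group code): a hashed-export manifest for
# reconstructed evidence, so that an archive can be verified later.
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256.json"  # assumed name, not a product file
CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large raw captures need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(export_dir: Path) -> dict:
    """Hash every file under export_dir and record the digests in a JSON manifest."""
    entries = {
        p.relative_to(export_dir).as_posix(): sha256_file(p)
        for p in sorted(export_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }
    (export_dir / MANIFEST_NAME).write_text(json.dumps(entries, indent=2, sort_keys=True))
    return entries


def verify_manifest(export_dir: Path) -> dict:
    """Re-hash the export and classify each file as ok, modified, missing or unexpected."""
    expected = json.loads((export_dir / MANIFEST_NAME).read_text())
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in expected.items():
        p = export_dir / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) == digest:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    # Files present on disk but absent from the manifest are also suspicious.
    for p in sorted(export_dir.rglob("*")):
        rel = p.relative_to(export_dir).as_posix()
        if p.is_file() and p.name != MANIFEST_NAME and rel not in expected:
            report["unexpected"].append(rel)
    return report


def demo() -> dict:
    """Constructed export directory: two reconstructed records are archived, then
    one is altered and an unlisted file is dropped in, to show what verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "email").mkdir()
        (d / "email" / "pop3_0001.eml").write_bytes(
            b"From: user@example.test\r\nSubject: constructed sample\r\n\r\nhello\r\n")
        (d / "ftp_0001.log").write_bytes(b"2024-01-01 10:00:00 user1 RETR report.pdf\n")
        write_manifest(d)
        clean = verify_manifest(d)
        (d / "ftp_0001.log").write_bytes(b"2024-01-01 10:00:00 user1 RETR other.pdf\n")
        (d / "extra.txt").write_text("not covered by the manifest")
        tampered = verify_manifest(d)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest only proves integrity relative to itself; in practice the manifest's own digest is recorded out of band (in the case file, or signed) at export time, otherwise whoever can rewrite the files can rewrite the manifest too.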
52 E-Detective Decoding Centre (EDDC/XDDC)
53 EDDC/XDDC
- EDDC/XDDC is a Unix/Linux based system specially designed for offline raw data file reconstruction.
- It allows the Administrator to create different projects/cases for different users/investigators (with different levels of authority) to conduct Internet raw data parsing and forensic analysis tasks on the system.
- The system is able to reconstruct Internet applications/services like Email (POP3, SMTP, IMAP), Webmail (Yahoo Mail, Gmail, Hotmail etc.), IM (Yahoo, MSN, ICQ, QQ, UT, IRC, Google Talk, Skype Voice Call Log), File Transfer (FTP, P2P), HTTP (Link, Content, Reconstruct, Upload/Download, Video Stream), Telnet, Online Games, VoIP (Yahoo), Webcam (Yahoo, MSN).
- Functions: User/Case Management, Offline Internet Raw Data Parser/Reconstruction, Search Function, Export/Backup
EDDC - Standard Offline Reconstruction System
XDDC - Offline Reconstruction with Layer 7 Analytics (NEW!)
54 EDDC/XDDC Implementation (1)
Offline raw data decoding and reconstruction system. Comes with user and case management functions.
55 EDDC/XDDC Implementation (2)
Offline raw data decoding and reconstruction system. Comes with user and case management functions.
Diagram: Investigator 1 is assigned Case 1 and produces the Case 1 results; Investigator 2 is assigned Case 2 and produces the Case 2 results.
56 E-Detective VOIP Forensics Intelligence System
57 VOIP Forensic Intelligence System
VOIP protocols supported: SIP (the most common VOIP protocol used worldwide), H.323
Audio CODECs supported: Voice call (VOIP) sessions can be captured, recorded (in WAV file format) and played back with a popular voice media player. Currently available and supported audio CODECs developed by Decision include:
- G.729
- G.711 a-law and G.711 u-law
- G.723
- G.726
- iLBC
Diagrams: Point to Point Communication; SIP Server Architecture; Relay; Sample Information Retrievable
58 HTTPS/SSL Network Forensics Device
59 HTTPS/SSL Network Forensics Device
- Capable of decrypting HTTPS traffic.
- Two modes of operation:
  1. Man in the Middle Attack (MITM)
  2. Offline Method (decrypting HTTPS raw data with the private key available)
- Usernames and passwords (logins) can be captured by the HTTPS/SSL Device. For instance, Google/Gmail login, Hotmail login, Yahoo Mail login, Amazon login etc.
To view encrypted content, a key is needed.
60 WatchGuard.WLAN
61 WatchGuard.WLAN
- WLAN IEEE 802.11a/b/g Intrusion Detection System (IDS), WLAN Defender and Jammer System.
- WatchGuard.WLAN provides a WLAN communication diagnosis function. It can detect unauthorized WLAN communication from an access point (AP) or wireless station (STA) within the coverage area. It can then forbid the unauthorized connection. A warning/notification Email/message can be sent to the network administrator.
- To prevent/forbid unauthorized WLAN connections, the system can pretend to be the station to inform the AP to stop the communication. Besides, noise signal emission to the station and/or AP is another method to prevent/deter wireless communication.
To protect from outside attack and prevent inside leakage!
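The detection half of WatchGuard.WLAN described above, like the "detects unauthorized WLAN access/intruders (IDS)" advantage listed for Wireless-Detective, comes down to comparing the AP/STA information a sensor observes (BSSID, SSID, channel, security, signal strength, associations) against what the site has authorised. The Python below is an added example, not code from either product: it checks a constructed scan against an assumed allowlist policy (the POLICY structure, the Observation record and every MAC address and SSID are inventions for illustration) and raises alerts for an unknown BSSID advertising the corporate SSID, an unknown AP, an authorised AP running below the required security level, an unknown station on a corporate AP, and a managed station attached to a foreign AP.

```python
# Added example (not WatchGuard.WLAN or Wireless-Detective code): checking a WLAN
# scan against a site allowlist to flag unauthorized APs and stations.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Observation:
    kind: str          # "AP" or "STA"
    mac: str           # BSSID for an AP, client MAC for a STA
    ssid: str          # SSID advertised (AP) or joined (STA)
    channel: int
    security: str      # "OPEN", "WEP", "WPA", "WPA2", "WPA3"
    signal_dbm: int
    peer: str = ""     # STA only: BSSID of the AP it is associated with


SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Site policy (constructed): which BSSIDs may serve the corporate SSID and which
# client MACs are managed devices. MACs are kept lower-case for comparison.
POLICY: Dict = {
    "corp_ssids": {"DecisionCorp"},
    "authorised_aps": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
    "authorised_stations": {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"},
    "min_security": "WPA2",
}


def classify(obs: Observation, policy: Dict = POLICY) -> List[str]:
    """Return zero or more alert strings for one observed AP or station."""
    alerts: List[str] = []
    mac = obs.mac.lower()
    if obs.kind == "AP":
        corp_ssid = obs.ssid in policy["corp_ssids"]
        authorised = mac in policy["authorised_aps"]
        if corp_ssid and not authorised:
            alerts.append(f"EVIL_TWIN: unknown BSSID {mac} advertising corporate SSID "
                          f"'{obs.ssid}' on channel {obs.channel} ({obs.signal_dbm} dBm)")
        elif not authorised:
            alerts.append(f"ROGUE_AP: unknown AP {mac} SSID '{obs.ssid}' on channel "
                          f"{obs.channel} ({obs.signal_dbm} dBm)")
        elif SECURITY_RANK.get(obs.security.upper(), 0) < SECURITY_RANK[policy["min_security"]]:
            alerts.append(f"WEAK_SECURITY: authorised AP {mac} uses {obs.security}, "
                          f"policy minimum is {policy['min_security']}")
    elif obs.kind == "STA":
        peer = obs.peer.lower()
        managed = mac in policy["authorised_stations"]
        on_corp_ap = peer in policy["authorised_aps"]
        if on_corp_ap and not managed:
            alerts.append(f"UNAUTHORISED_STA: unknown station {mac} associated to corporate AP {peer}")
        elif managed and peer and not on_corp_ap:
            alerts.append(f"STA_ON_FOREIGN_AP: managed station {mac} associated to non-corporate AP {peer}")
    return alerts


def scan_report(observations: List[Observation], policy: Dict = POLICY) -> Dict[str, List[str]]:
    """Map each offending MAC to its alerts; devices with no findings are omitted."""
    report: Dict[str, List[str]] = {}
    for obs in observations:
        found = classify(obs, policy)
        if found:
            report.setdefault(obs.mac.lower(), []).extend(found)
    return report


# Constructed scan results, in the shape an AP/STA information view might list them.
SAMPLE_SCAN = [
    Observation("AP", "00:11:22:AA:BB:01", "DecisionCorp", 6, "WPA2", -48),
    Observation("AP", "00:11:22:AA:BB:02", "DecisionCorp", 11, "WEP", -55),
    Observation("AP", "66:77:88:99:00:01", "DecisionCorp", 6, "OPEN", -40),
    Observation("AP", "DE:AD:BE:EF:00:01", "CoffeeShop", 1, "WPA2", -79),
    Observation("STA", "AA:BB:CC:00:00:10", "DecisionCorp", 6, "WPA2", -50, peer="00:11:22:AA:BB:01"),
    Observation("STA", "12:34:56:78:9A:BC", "DecisionCorp", 6, "WPA2", -62, peer="00:11:22:AA:BB:01"),
    Observation("STA", "AA:BB:CC:00:00:11", "CoffeeShop", 1, "WPA2", -70, peer="DE:AD:BE:EF:00:01"),
]


if __name__ == "__main__":
    for mac, alerts in scan_report(SAMPLE_SCAN).items():
        for alert in alerts:
            print(mac, alert)
```

The allowlist is the part that needs maintenance: a sensor can only call an AP "unknown" if the inventory of authorised BSSIDs is current, and an evil-twin alert on a strong signal near the site is the finding an administrator would want delivered by the Email/message notification the slide describes.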
62 Application Diagram - WatchGuard.WLAN
63 Uniqueness of Decision Computer Group
- Designer, architect and manufacturer for a variety of Network Security, Content Forensics and Internet Interception Solutions.
- We provide OEM and ODM services where we accept customization requirements from customers.
- Series of Products Offering:
  - E-Detective (Ethernet LAN and Telco/ISP Lawful Interception System)
  - Wireless-Detective (WLAN Lawful Interception System)
  - EDDC/XDDC (Offline Internet Decoding and Reconstruction System)
  - HTTPS/SSL Interceptor (HTTPS/SSL Decryption System using MITM attack)
  - VOIP Forensics Intelligence (VOIP Interception System)
  - WatchGuard.WLAN (WLAN Forbidding, Jamming and Defense tool)
  - NuBlock (Write Protection Toolkit)
  - Industrial I/O Card Series
64 Decision Computer Group - Reference Customers
- Criminal Investigation Bureau, TW
- The Bureau of Investigation, Ministry of Justice, TW
- National Security Agency (Bureau) in various countries
- Intelligence Agency in various countries
- Ministry of Defense in various countries
- National Police, Royal Police in various countries
- Government Ministries in various countries
- Federal Investigation Bureau in various countries
- Telco/Internet Service Provider in various countries
- Banking and Finance organizations in various countries
Note: Due to the confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.