Webtracer introduction

The Webtracer is a professional software suite used to perform internet-related forensic research. Its primary purpose is to retrieve as much information about an internet resource as is available, using a wide range of existing protocols and tests. An internet resource can be a webpage or website, a website address, an IP address, an e-mail address, an e-mail message, a server name (host name), a log file, an instant messaging account, an SSL certificate etc.

In a successful investigation, the information retrieved should lead to the identity of a company or person. The Webtracer is the most comprehensive tool available today to overcome the inherent anonymity of the internet. It can be used to track down the publisher of illegal content, to reveal the identity of the sender of offensive e-mails etc.

The Webtracer consists of 5 modules:
  The “deep internet resource analysis” or “deep analysis” module is the most general module. It starts from a single internet resource and retrieves a set of data for this resource by using multiple internet protocols. In many cases the result is another internet resource (e.g. the IP address of a domain name). The analysis can be continued by using the resulting internet resources as input. This is done by expanding nodes in a tree, which allows the investigator to dig deeper along selected paths of the tree. The tree visualises the relationships between internet resources and automates the tasks performed by an internet forensic expert. By following the relationships between internet resources, experts try to find out more about them and ultimately hope to reveal the identity of the person, organization or company responsible for certain actions.

  The “Bulk analysis” module performs an analysis on a list of internet resources. For example, when a list of IP addresses is retrieved from a log file, these IP addresses can be analysed in bulk. The result is a grid displaying comprehensive information on each internet resource. The internet resources in the grid (both from the input and the results) can be clicked to start an in-depth analysis with the “deep analysis” module.

  The “E-mail header analysis” module performs a forensic analysis of the e-mail headers of an e-mail message. The e-mail headers contain information which is added by the mail servers as the message travels from sender to recipient. By analysing the e-mail headers, the origin of the e-mail can be researched. All internet resources found in the headers (e.g. IP addresses or names of mail servers) can be clicked to start an in-depth analysis with the “deep analysis” module.

  The “Log file analysis” module allows the easy and thorough investigation of log files from various sources, such as the log files of the Apache and Microsoft IIS web servers. The log file is represented in a grid (comparable to a Microsoft Excel worksheet). Filters can be set to view only a subset of relevant data. The log file data can be searched for known hacking signatures to quickly find the data related to an intrusion or intrusion attempt. All internet resources found in the log file can be clicked to start an in-depth analysis with the “deep analysis” module. For example, the IP address of the client used to gain access to a web server can be analysed to find the hacker.

  The “Web traps” module is a tool which can be used to find the identity of a person on the internet when all other methods fail. In contrast to the other modules, the “Web trap” module does not use passive investigation techniques. Using this module, the investigator can set up one or more web traps. A web trap is a harmless-looking URL, and the aim is to trick the person under investigation into clicking this URL on his/her computer. When the URL is clicked, information about the client computer is logged, without the person under investigation knowing this or noticing anything unusual. The investigator receives a notice when the web trap is clicked and can start an in-depth analysis on the IP address of the client computer, using the “deep analysis” module. The “Web trap” module can, for example, be used to find the owner of an anonymous Hotmail e-mail address.
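
The e-mail header analysis described above can be illustrated with a short added example; it is not Webtracer code. It reads the Received headers that each mail server adds and lists the hops in travel order. The sample message, host names, addresses and the function names `routable` and `trace_hops` are constructed for this illustration.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: hosts and addresses are documentation values, not real data.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP id abc123;\n"
    "\tMon, 04 Mar 2024 10:15:32 +0000\n"
    "Received: from relay.example.com (relay.example.com [203.0.113.25])\n"
    "\tby mx.example.net with ESMTP id def456;\n"
    "\tMon, 04 Mar 2024 10:15:30 +0000\n"
    "Received: from [192.168.1.44] (unknown [192.0.2.99])\n"
    "\tby relay.example.com with ESMTPSA id ghi789;\n"
    "\tMon, 04 Mar 2024 10:15:27 +0000\n"
    "Subject: constructed sample\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
# RFC 1918 and loopback ranges: these say nothing about the sender's network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def routable(ip_text):
    """True for a syntactically valid IPv4 address outside INTERNAL."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL)

def trace_hops(raw_message):
    """Return relay hops in travel order (first hop = closest to the sender)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Every server prepends its header, so the last one in the file is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        head, sep, date_part = (s.strip() for s in text.rpartition(";"))
        if not sep:                      # no date separator: keep the whole line
            head, date_part = text, ""
        by = BY_RE.search(head)
        hops.append({
            "by": by.group(1) if by else None,
            "ips": [ip for ip in IP_RE.findall(head) if routable(ip)],
            "time": parsedate_to_datetime(date_part) if date_part else None,
        })
    return hops
```

Received headers written by servers outside the recipient's control can be forged, so the hop added by the recipient's own mail server is the only entry that can be fully trusted.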