Network Forensic Tools

Upcoming Events

IT service and technical support professionals gather at the annual HDI Service Management Conference & Expo to explore some of the hottest topics affecting IT service management. The half-day conference workshops provide the processes, frameworks, templates, and tools to help you meet the service demands of your business..

Email Print Share

1 Comments

Posted by Marisa Mack on December 3, 2004

Tags: Forensic ToolKit, AccessData Corp., Email Examiner, Encase, Guidance Software, Paraben Corp, ProDiscover, Sleuth Kit, Tech-nology Pathways, chain of custody, dtSearch, dtSearch Corp, evidence, hash, incident investigation, intellectual property theft, le-gal team, network forensics, network penetration, Access and Physical Security, Cyberterrorism, Data Protection, Other, Security Policies and Management, Security and Privacy, Software, Software and Web Development, Threats and Attacks, information security

Channel: Data Protection, Other

Product Roll Call

Dig Deeper (on-site search queries)

Network Forensics

Read On

• Stage 1: Network-capable initial analysis products for first responders, such as Guidance's EnCase Enterprise Edition and Technology Pathway's ProDiscover. These two products can acquire drive images remotely in a live environment, and their use eliminates the need for the Stage 2 tools.

• Stage 2: Primary analysis and drive-image acquisition. This stage usually entails obtaining the hard disk of a suspect machine and investigating it in a controlled (not live) environment. AccessData Forensic Toolkit, Encase Forensic Edition and the open-source Sleuth Kit fit this stage. Any one can be used as the primary investigative tool in environments that don't require a network-capable acquisition application. All these products can acquire a full sector-by-sector drive image of any hard disk under investigation; additional sleuthing functionality varies by application.

• Stage 3: Fine-grained keyword searches through disk or partition contents, e-mail-specific searches or Internet history analysis. Paraben's NetAnalysis, E-Mail Examiner and Net E-Mail Examiner, and dtSearch's dtSearch excel here. These tools operate on disk images created by any of the applications from Stages 1 or 2.

Vendors at a Glance
Click to Enlarge

Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Next »

1 Comments

Add Comment

Comment by Amine G. on October 31, 2009 2:50 PM

Nice post and great comparisons.
Thanks

Reply to this comment

Share Email Report

Add Your Comment:

Premium Content

Disk Storage, Heal Thyself

No-maintenance RAID arrays will deliver more efficiency and higher performance, and save money to boot by obviating expensive maintenance plans through built-in spares and other self-healing features. IT groups, especially those with remote locations, could save themselves a bundle by adopting this technology sooner rather than later.

Silo to Gold Mine: What CMIS Can (and Can't) Do for ECM Integration

Enterprises know they could wring more value from their enterprise content management system investments. Unfortunately, integration and interoperability are sticking points. In this Strategy Session report, we investigate whether Oasis' new open Content Management Integration Services standard could be the answer to these woes.

Download: 10 Gotchas That Derail ECM Initiatives

Enterprise content management deployments are fraught with dangers, such as weak search capabilities and poor requirements definitions, that can grind projects to a halt. This report helps CIOs and project leaders move beyond gridlock, choose the right tools and foster seamless integration.

Video

Network Computingwww.networkcomputing.com

Home

News and Analysis

Tech Centers

Channels

Bloggers

Upcoming Events

HDI Service Management 2010 Conference & Expo
October 6-8, Miami

Vendor Newsfeed

Subscribe to Newsletter