Cyber 2.0 - Forensic Capabilities




Erez Kaplan Haelion


Cyber 2.0
Table of Contents
Cyber 2.0 - Forensic capabilities
The Chaos engine
The Reverse tracking
The network analyzer tool
The analyzer tool
Appendix
More screenshot examples
Cyber 2.0 - Forensic capabilities
Cyber 2.0 has very powerful and comprehensive monitoring, inventory and forensic
capabilities.

These abilities are based on both the Chaos engine and the Reverse tracking mechanism.

The Chaos engine:


The Chaos engine works on the network layer:

Every packet that traverses the network, into or out of the computer, passes through the
Cyber 2.0 Chaos engine, where it is logged; the logs are sent to a central controlling server
(local or cloud).

The information is organized and analyzed by the central server. The user can view the
following data:

 Network flow (instead of hundreds of packets per connection, you see a single flow)
 The source and destination of the flow
 The source and destination ports
 The user that initiated the network flow
 The application or process name
 The application or process hash (MD5)
 The path of the running application
 In case of a file system access, instead of a port there is the destination path
and the accessed files or documents
 Incoming dropped packets
 Incoming broadcasts
 Any application that was part of the chain of activation of that network flow

The central server then gives the System Users the Network Analyzer tool to manage and view
the data and to help them analyze it.
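As an added illustration of the flow view described above (example code written for this edit, not part of Cyber 2.0 or of this document): per-packet records as an endpoint agent might log them, each carrying the owning process's name, user, hash and path, are collapsed into one flow per connection, while unsolicited dropped packets and subnet broadcasts are kept as their own flows. The record layout, the process metadata and the packets are constructed, and 10.0.0.0/24 is assumed to be the local subnet.

```python
"""Aggregate per-packet endpoint records into flows.

Added illustration of the Chaos engine's flow view; it is not Cyber 2.0
code. The record layout, field names and the packets below are constructed
for the example, and 10.0.0.0/24 is assumed to be the local subnet.
"""
import ipaddress
from collections import OrderedDict
from dataclasses import dataclass

LOCAL_SUBNET = ipaddress.ip_network("10.0.0.0/24")  # assumption for broadcast detection
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class Flow:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    user: str
    process: str
    md5: str
    path: str
    packets_out: int = 0
    packets_in: int = 0
    bytes_out: int = 0
    bytes_in: int = 0
    dropped_in: int = 0
    broadcast: bool = False


# Process metadata the agent attaches to each packet (constructed values;
# the MD5 is a placeholder, not the real hash of WINWORD.EXE).
WORD = dict(pid=4120, user="CORP\\alice", process="winword.exe",
            md5="0123456789abcdef0123456789abcdef",
            path=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE")
NOPROC = dict(pid=None, user="(none)", process="(none)", md5="", path="")


def pkt(direction, proto, src, sport, dst, dport, length, meta, dropped=False):
    return dict(dir=direction, proto=proto, src=src, sport=sport, dst=dst,
                dport=dport, len=length, dropped=dropped, **meta)


# Constructed packet log: one HTTPS session, one unsolicited SMB probe that the
# host firewall dropped, and one NetBIOS name-service broadcast.
PACKETS = [
    pkt("out", "tcp", "10.0.0.12", 51234, "52.96.1.1", 443, 120, WORD),
    pkt("in", "tcp", "52.96.1.1", 443, "10.0.0.12", 51234, 1460, WORD),
    pkt("out", "tcp", "10.0.0.12", 51234, "52.96.1.1", 443, 80, WORD),
    pkt("in", "tcp", "52.96.1.1", 443, "10.0.0.12", 51234, 1460, WORD),
    pkt("out", "tcp", "10.0.0.12", 51234, "52.96.1.1", 443, 60, WORD),
    pkt("in", "tcp", "10.0.0.77", 40001, "10.0.0.12", 445, 60, NOPROC, dropped=True),
    pkt("in", "udp", "10.0.0.5", 137, "10.0.0.255", 137, 92, NOPROC),
]


def flow_key(p):
    """Both directions of one connection map to the same (local, remote, pid) key."""
    if p["dir"] == "out":
        local, lport, remote, rport = p["src"], p["sport"], p["dst"], p["dport"]
    else:
        local, lport, remote, rport = p["dst"], p["dport"], p["src"], p["sport"]
    return (p["proto"], local, lport, remote, rport, p["pid"])


def is_broadcast(ip):
    addr = ipaddress.ip_address(ip)
    return addr == LIMITED_BROADCAST or addr == LOCAL_SUBNET.broadcast_address


def aggregate(packets):
    """Collapse packets into flows, preserving first-seen order."""
    flows = OrderedDict()
    for p in packets:
        key = flow_key(p)
        proto, local, lport, remote, rport, _pid = key
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(proto, local, lport, remote, rport,
                                  p["user"], p["process"], p["md5"], p["path"])
        if p["dir"] == "out":
            f.packets_out += 1
            f.bytes_out += p["len"]
        else:
            f.packets_in += 1
            f.bytes_in += p["len"]
            f.dropped_in += 1 if p["dropped"] else 0
            f.broadcast = f.broadcast or is_broadcast(p["dst"])
    return list(flows.values())


if __name__ == "__main__":
    for f in aggregate(PACKETS):
        print(f"{f.proto} {f.local_ip}:{f.local_port} <-> {f.remote_ip}:{f.remote_port} "
              f"{f.process} out={f.packets_out}/{f.bytes_out}B in={f.packets_in}/{f.bytes_in}B "
              f"dropped_in={f.dropped_in} broadcast={f.broadcast}")
```

Keying the flow on the process id as well as the 5-tuple is what lets a later lookup attribute the flow to a binary even after the port is reused; the incoming packets with no owning process are exactly the dropped probes and broadcasts that the list above calls out as separate items.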
The Reverse tracking
The Reverse tracking mechanism works on the application layer:

Every time an application is opened, or an application uses, accesses, sends data to,
communicates with or otherwise interacts with another application or process, the event is
registered, logged and sent to a central controlling server (local or cloud).

The information is organized and analyzed by the central server. The user can view the
following data:

 Any file or process that has been run on any computer
 Display name and true name of the process or file (when applicable; not all
processes and files carry a true name)
 The version of each file or process (when applicable; not all processes and files carry
a version)
 The hash (MD5)
 Allows the Chaos engine to display the chain of network flows

The central server then gives the System Users the Analyzer tool to manage and view the data
and to help them analyze it.
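An added example (not Cyber 2.0 code) of how process-start events from the application layer yield the chain of activation behind a flow: starting at the pid that owns the flow, walk parent links up to the root, and compare display name with true name to spot a binary running under a different name than it was built with. The event layout and the records below are constructed, and reading "true name" as the original file name from the executable's version resource is an assumption about the product's terminology, not something the document states.

```python
"""Resolve the chain of activation behind a network flow.

Added illustration of the Reverse tracking layer, not Cyber 2.0 code. The
event layout and the process records below are constructed; "true name" is
taken here to mean the original file name from the binary's version
resource, which is an assumption about the product's wording.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcessStart:
    pid: int
    ppid: int
    display_name: str          # name the process runs under on disk
    true_name: Optional[str]   # original file name; None when there is no version resource
    version: Optional[str]
    md5: str


# Constructed process-start events from one host (hashes are placeholders).
STARTS = [
    ProcessStart(1200, 980, "explorer.exe", "EXPLORER.EXE", "10.0.19041.1", "11" * 16),
    ProcessStart(3300, 1200, "outlook.exe", "OUTLOOK.EXE", "16.0.14332.20145", "22" * 16),
    ProcessStart(4120, 3300, "winword.exe", "WINWORD.EXE", "16.0.14332.20145", "33" * 16),
    ProcessStart(5012, 4120, "cmd.exe", "Cmd.Exe", "10.0.19041.1", "44" * 16),
    ProcessStart(5060, 5012, "powershell.exe", "PowerShell.EXE", "10.0.19041.1", "55" * 16),
    # a copy of PowerShell running under another name: display and true name disagree
    ProcessStart(7000, 4120, "svchost.exe", "PowerShell.EXE", "10.0.19041.1", "55" * 16),
    # an in-house tool without a version resource: no true name, no version
    ProcessStart(6001, 1200, "updater.exe", None, None, "66" * 16),
]


def index(starts):
    return {s.pid: s for s in starts}


def activation_chain(pid, by_pid):
    """Walk parent links from the process that owns the flow up to the root.

    Stops at the first pid the log does not know and guards against loops
    caused by pid reuse. Returns leaf first, root last.
    """
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        proc = by_pid[pid]
        chain.append(proc)
        pid = proc.ppid
    return chain


def renamed(proc):
    """True when the on-disk name differs from the binary's original file name."""
    return proc.true_name is not None and proc.display_name.lower() != proc.true_name.lower()


def describe(proc):
    ver = proc.version or "n/a"
    true = proc.true_name or "n/a"
    flag = "  <-- renamed binary" if renamed(proc) else ""
    return f"{proc.display_name} (true name {true}, v{ver}, md5 {proc.md5}){flag}"


def chain_names(pid, starts):
    return [p.display_name for p in activation_chain(pid, index(starts))]


if __name__ == "__main__":
    by_pid = index(STARTS)
    for owner in (5060, 7000, 6001):
        print(f"flow owned by pid {owner}:")
        for proc in activation_chain(owner, by_pid):
            print("   ", describe(proc))
```

The chain for pid 5060 reads powershell.exe, cmd.exe, winword.exe, outlook.exe, explorer.exe, which is the view an analyst wants when a document-handling application turns out to be the ancestor of a shell that opened a connection; the walk stops at explorer.exe because its parent (980) is not in the constructed log.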
The network analyzer tool:
 A powerful web interface that incorporates both free-text search and fixed-parameter
search

For example, you can ask this tool:

To show all the traffic generated by word.exe on a specific computer a week ago, between
5am and 8am

To show all the information sent to port 445 and port 135 (in the same query) from or to a
specific computer

The information is easily searchable and is displayed as an easily browsed table.
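The two queries above, run as fixed-parameter searches over a constructed flow table, plus a free-text search over the same records (an added example, not the product's web interface or its code). The record layout, host names, addresses and timestamps are constructed; "now" is pinned so that "a week ago" resolves to a fixed day, and all times are UTC, which is the one thing a real deployment must settle before "5am" means the same thing on every host.

```python
"""Two of the analyzer queries from the text, run over constructed flow records.

Added example, not Cyber 2.0 code: the record layout, hostnames, addresses and
times are constructed, and "now" is pinned so the "a week ago" window is
deterministic. Timestamps are UTC.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class FlowRecord:
    start: datetime
    host: str
    user: str
    process: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    size: int


def ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=UTC)


NOW = ts("2024-05-08T12:00:00")

# Constructed flow log (what the central server would hold after aggregation).
FLOWS = [
    FlowRecord(ts("2024-05-01T05:12:00"), "WS-ALICE", "CORP\\alice", "winword.exe",
               "10.0.0.12", 51234, "52.96.1.1", 443, 3180),
    FlowRecord(ts("2024-05-01T07:58:30"), "WS-ALICE", "CORP\\alice", "WINWORD.EXE",
               "10.0.0.12", 51240, "10.0.0.9", 445, 5200),
    FlowRecord(ts("2024-05-01T08:00:00"), "WS-ALICE", "CORP\\alice", "winword.exe",
               "10.0.0.12", 51250, "52.96.1.1", 443, 900),    # 8am exactly: outside [5am, 8am)
    FlowRecord(ts("2024-05-01T06:00:00"), "WS-BOB", "CORP\\bob", "winword.exe",
               "10.0.0.30", 51300, "52.96.1.1", 443, 1200),   # right window, other host
    FlowRecord(ts("2024-05-02T06:00:00"), "WS-ALICE", "CORP\\alice", "winword.exe",
               "10.0.0.12", 51260, "52.96.1.1", 443, 1500),   # right process, wrong day
    FlowRecord(ts("2024-05-03T10:00:00"), "WS-ALICE", "CORP\\alice", "svchost.exe",
               "10.0.0.12", 135, "10.0.0.77", 49700, 400),    # inbound RPC to local port 135
    FlowRecord(ts("2024-05-03T10:05:00"), "WS-ALICE", "CORP\\alice", "explorer.exe",
               "10.0.0.12", 51280, "10.0.0.9", 445, 2200),
]


def day_window(now, days_ago, start_hour, end_hour):
    """[start_hour, end_hour) on the calendar day `days_ago` days before `now`."""
    day = (now - timedelta(days=days_ago)).date()
    return (datetime.combine(day, time(start_hour), tzinfo=UTC),
            datetime.combine(day, time(end_hour), tzinfo=UTC))


def query(flows, host=None, process=None, window=None, ports=None):
    """Fixed-parameter search: every given criterion must hold (AND); a port
    matches on either end of the flow, which is the "from or to" in the text."""
    hits = []
    for f in flows:
        if host is not None and f.host != host:
            continue
        if process is not None and f.process.lower() != process.lower():
            continue
        if window is not None and not (window[0] <= f.start < window[1]):
            continue
        if ports is not None and f.local_port not in ports and f.remote_port not in ports:
            continue
        hits.append(f)
    return hits


def free_text(flows, term):
    """Free-text search: case-insensitive substring match over every field."""
    term = term.lower()
    return [f for f in flows if any(term in str(v).lower() for v in vars(f).values())]


def word_traffic_last_week(flows, host, now=NOW):
    """All traffic generated by the word processor on `host`, a week ago, 5am-8am."""
    return query(flows, host=host, process="winword.exe", window=day_window(now, 7, 5, 8))


def smb_and_rpc(flows, host):
    """Everything to or from port 445 or port 135 involving `host`, in one query."""
    return query(flows, host=host, ports={445, 135})


if __name__ == "__main__":
    for f in word_traffic_last_week(FLOWS, "WS-ALICE"):
        print("word:", f.start.isoformat(), f.remote_ip, f.remote_port, f.size)
    for f in smb_and_rpc(FLOWS, "WS-ALICE"):
        print("445/135:", f.start.isoformat(), f.process, f.local_port, f.remote_port)
```

The process match is case-insensitive because the same binary is logged as both winword.exe and WINWORD.EXE in the constructed data, and the window is half-open so a flow that starts exactly at 8:00 is excluded; both are the kind of detail that silently drops rows from a real search if it is not decided up front.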

An example with the free-text search:


The analyzer tool:
Acts as an advanced inventory:

Displays all the applications and processes from all the network computers (where the agent
is installed)

It can show you all the applications on a specific computer

Or, for a specific application, the computers on which it is installed

Furthermore, after the information is analyzed by the Central server, the following
information is added: the server checks the hash sent to it against various internet databases
and tells you what the internet thinks of this application or process.

It shows you the number of antivirus engines (if any) that consider the program
malicious

It gives you a link to VirusTotal

And it tells you if this is something entirely unknown to the internet
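An added example (not Cyber 2.0 code) of the hash reputation step just described: compute the file's hashes, look the hash up by identifier so the file itself never leaves the host, and reduce the report to what the inventory shows (the number of engines flagging it, a VirusTotal link, or "unknown"). The VirusTotal v3 files endpoint and the GUI link format are the public ones; the API key, the sample bytes and the canned responses are constructed. The document reports MD5, and the endpoint accepts MD5 as an identifier, but the lookup here is keyed on SHA-256 because MD5 collisions are practical and two different files can share an MD5.

```python
"""Hash reputation step of the analyzer, as an added example (not Cyber 2.0 code).

Only the hash leaves the host; the file itself is never uploaded. The VirusTotal
v3 "files" endpoint and GUI link formats are real; the API key, the sample bytes
and the canned responses below are constructed. MD5 is still computed because
the document reports it, but lookups are keyed on SHA-256.
"""
import hashlib
import json
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3/files/{}"
VT_GUI = "https://www.virustotal.com/gui/file/{}"


def hashes(data):
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def vt_fetch(file_hash, api_key, timeout=10):
    """Live lookup (needs network and a key). Returns the parsed report, or
    None when VirusTotal has never seen the hash (HTTP 404)."""
    req = urllib.request.Request(VT_API.format(file_hash), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def reputation(file_hash, fetch):
    """Reduce a report to what the analyzer shows: engines flagging the file,
    total engines, a link, and whether the hash is known at all."""
    link = VT_GUI.format(file_hash)
    report = fetch(file_hash)
    if report is None:
        return {"hash": file_hash, "known": False, "flagged_by": 0, "engines": 0, "link": link}
    stats = report["data"]["attributes"]["last_analysis_stats"]
    return {"hash": file_hash, "known": True,
            "flagged_by": stats.get("malicious", 0),
            "engines": sum(stats.values()),
            "link": link}


# Constructed canned responses in the shape of a v3 report, trimmed to the one
# field used here; the third hash is deliberately absent to model "unknown".
CLEAN = "a" * 64
BAD = "b" * 64
NEW = "c" * 64
CANNED = {
    CLEAN: {"data": {"attributes": {"last_analysis_stats": {
        "malicious": 0, "suspicious": 0, "undetected": 68, "harmless": 0,
        "timeout": 1, "type-unsupported": 3}}}},
    BAD: {"data": {"attributes": {"last_analysis_stats": {
        "malicious": 43, "suspicious": 2, "undetected": 25, "harmless": 0,
        "timeout": 0, "type-unsupported": 2}}}},
}


def offline_fetch(file_hash):
    """Stand-in for vt_fetch so the example runs without network or key."""
    return CANNED.get(file_hash)


def verdict(rep):
    if not rep["known"]:
        return "unknown to VirusTotal: never submitted, treat as unvetted"
    if rep["flagged_by"]:
        return f"flagged by {rep['flagged_by']}/{rep['engines']} engines"
    return f"no detections across {rep['engines']} engines"


if __name__ == "__main__":
    print(hashes(b"constructed sample bytes"))
    for h in (CLEAN, BAD, NEW):
        rep = reputation(h, offline_fetch)
        print(verdict(rep), rep["link"])
```

"Unknown" is a distinct state, not a clean one: a hash nobody has submitted is what a freshly built or targeted binary looks like, so the inventory should surface it rather than fold it into "no detections".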

An example that shows a software item and the computers it is on:


Appendix
More screenshot examples

Network analyzer with basic filters:

File Analyzer with simple filter


File Analyzer advanced filter
