Cyber 2.0 - Forensic Capabilities
These abilities are based on both the Chaos engine and the Reverse tracking mechanism.
Every packet that traverses the network into or out of the computer passes through the Cyber 2.0
Chaos engine and is logged, and the logs are sent to a central controlling server (local
or cloud).
The information is organized and analyzed by the central server. The user can view the
following data:
Network flow (instead of hundreds of packets per connection, you see a single flow)
The source and destination of the flow
The source and destination ports
The user that initiated the network flow
The application or process name
The application or process MD5 hash
The path of the running application
In the case of file system access, instead of a port there will be the destination path
and accessed files or doc
Incoming dropped packets
Incoming Broadcasts
Any application that was part of the chain of activation of that network flow
The central server then gives system users the Network Analyzer tools to manage and view
the data, and helps them analyze it:
The Reverse tracking
The Reverse tracking mechanism works on the application layer:
Every time an application is opened, or an application uses, accesses, sends data to,
communicates with or otherwise interacts with another application or process, the event is
registered, logged and sent to a central controlling server (local or cloud).
The information is organized and analyzed by the central server. The user can view the
following data:
The central server then gives system users the Analyzer tools to manage and view the data,
and helps them analyze it:
The network analyzer tool:
A powerful web interface that incorporates both free-text search and fixed-parameter
search.
For example, you can show all the traffic generated by word.exe on a specific computer a
week ago between 5am and 8am.
You can ask to see all the information sent to port 445 and port 135 (in the same query)
from or to a specific computer.
The information is easily searchable and is displayed as an easily browsed table.
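
The two searches described above, run over per-flow records built from per-packet logs, as an added example that is not part of the original document and is not Cyber 2.0's own code. The record fields, addresses, user names and timestamps are constructed assumptions, and a fixed date stands in for "a week ago".

```python
from collections import namedtuple

# Per-packet log record; field names are assumptions, not the product's schema.
# Timestamps are ISO 8601 strings in one format, so they sort correctly as text.
Packet = namedtuple("Packet", "ts src dst sport dport user process")

# Constructed sample data: 8 packets belonging to 4 connections.
PACKETS = [
    Packet("2024-03-04T05:10:00", "10.0.0.17", "10.0.0.5", 49152, 445, "alice", "word.exe"),
    Packet("2024-03-04T05:10:01", "10.0.0.5", "10.0.0.17", 445, 49152, "alice", "word.exe"),
    Packet("2024-03-04T05:10:02", "10.0.0.17", "10.0.0.5", 49152, 445, "alice", "word.exe"),
    Packet("2024-03-04T09:30:00", "10.0.0.17", "203.0.113.9", 49200, 443, "alice", "word.exe"),
    Packet("2024-03-04T09:30:01", "203.0.113.9", "10.0.0.17", 443, 49200, "alice", "word.exe"),
    Packet("2024-03-04T06:00:00", "10.0.0.17", "10.0.0.8", 49300, 135, "SYSTEM", "svchost.exe"),
    Packet("2024-03-04T06:00:01", "10.0.0.8", "10.0.0.17", 135, 49300, "SYSTEM", "svchost.exe"),
    Packet("2024-03-04T06:15:00", "10.0.0.22", "10.0.0.5", 50000, 445, "bob", "chrome.exe"),
]

def build_flows(packets):
    """Collapse packets into one record per connection, folding replies in."""
    flows = {}
    for p in sorted(packets, key=lambda x: x.ts):
        ends = frozenset({(p.src, p.sport), (p.dst, p.dport)})  # direction-agnostic
        key = (ends, p.user, p.process)
        if key in flows:
            flows[key]["last"] = p.ts
            flows[key]["packets"] += 1
        else:  # the first packet seen defines the flow's source and destination
            flows[key] = dict(p._asdict(), first=p.ts, last=p.ts, packets=1)
    return list(flows.values())

def query(flows, computer=None, process=None, ports=None, when=None):
    """Fixed-parameter search: every filter that is given must match."""
    hits = []
    for f in flows:
        if computer and computer not in (f["src"], f["dst"]):
            continue  # "from or to a specific computer"
        if process and f["process"].lower() != process.lower():
            continue
        if ports and f["dport"] not in ports:
            continue  # several destination ports in the same query
        if when and not when[0] <= f["first"] < when[1]:
            continue  # half-open time window on the flow's first packet
        hits.append(f)
    return hits

FLOWS = build_flows(PACKETS)
WORD_EARLY = query(FLOWS, "10.0.0.17", "word.exe",
                   when=("2024-03-04T05:00:00", "2024-03-04T08:00:00"))
SMB_RPC = query(FLOWS, "10.0.0.17", ports={445, 135})
```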
Displays all the applications and processes from all the network computers (where the agent is
installed)
Furthermore, after the information is analyzed by the central server, the following
information is added: it checks the hash sent to it against various internet databases and tells
you what the internet thinks of this application or process.
It shows you the number of antivirus engines (if any) that think that this is a malicious
program.
And it tells you if this is something that is unknown to the internet entirely.