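Belkasoft Evidence Center X: Leading Software Tool for Digital Evidence Acquisition and Analysis, Cybersecurity, and Computer Forensics
It makes it easy for investigators to search, analyze, store, and share digital evidence found on hard drives or in a computer's volatile memory. Evidence Center helps investigators quickly locate and analyze social network remnants, instant messenger logs, internet browser histories, popular email mailboxes, peer-to-peer data, multiplayer game chat logs, office documents, pictures, videos, encrypted files, mobile phone backups, and system and registry files.
As smartphones have become widespread, driving the development of mobile digital forensics, Belkasoft Evidence Center can extract data from Windows, Linux, Mac OS X, and the smartphone platforms iOS, Android, Windows Phone, and BlackBerry, effectively helping forensic examiners acquire and analyze digital evidence.
What's New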
The major updates in v.2.0 include:
High-performance database engine
Significant improvements in mobile forensics: Android SIM card acquisition and more
Enhanced drone support
Extensive hashset improvements
Automation enhancements
NTFS Volume Shadow Copy deduplication
Improvements in cloud forensics
Various improvements in third-party integrations, including Volatility, ClamAV, and VirusTotal
Significant updates to Sigma and YARA rules
Cellebrite BlackLight
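Quickly analyze computer volumes for intelligent, comprehensive analysis on Windows and Mac.
Computer forensic investigations keep growing, especially as organizations and the law evolve; law enforcement officers recognize that, in corporate and criminal investigations, valuable data stored on computers can help reveal the whole picture.
Cellebrite BlackLight is used by examiners worldwide to analyze computer extraction data quickly and comprehensively. Examiners can quickly and efficiently find internet history, downloads, recent searches, top sites, locations, media, communications, recycle bin contents, USB connections, and more. With AI-assisted picture and video categorization, powerful filtering, and support for the latest systems that use full-disk encryption, Cellebrite BlackLight can display a timeline of events across the whole disk and reveal the true story behind every case.
Features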
Key Benefits
Windows Support
• Review device history from Microsoft Volume Shadow Copies
• Built-in Windows Memory and Windows Registry analysis
• Automatically parse account information, recent documents, downloads, recycle bin, USB connections and more
• Supporting user activity and registry artifacts such as: jump list, shell bags, prefetch, Windows 10 timeline activity, SRUM and more
Mac Support
• Full support for Apple Latest Systems APFS, including T2 chip, fusion and encrypted devices
• Review device history from APFS Snapshots and Time Machine backups
• Display and search unified log, Spotlight and KnowledgeC data
• Review downloads, WiFi connections, recent documents, and user activity
iOS and Android Support
• Easily view message conversations
• Review Health data, Wallet transactions and Calendar activity
• Ingest many Cellebrite extractions
• Built-in SQLite and Plist viewing to review application data
Streamlined Workflows
• Ingest data into Cellebrite Pathfinder for a centralized review of computer data
• Includes support for integrations with products such as Berla, Semantics 21, PhotoDNA, Project Vic, APOLLO and more
• Enhanced capabilities to produce e-Discovery exports
• Share reports with external stakeholders using portable case review
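Colasoft nChronos from Colasoft is a distributed, retrospective network analysis solution designed for high-performance, mission-critical enterprise networks. It combines the nChronos Console and the nChronos Server to provide 7x24-hour continuous packet capture, unlimited data storage, efficient data mining, and in-depth traffic analysis. It consists of the nChronos Console and the nChronos Server:
The nChronos Console provides quick access to the packets stored on all distributed nChronos Servers. It serves as the center of enterprise network management, able to visualize the enterprise's overall network activity and drill down to isolate performance problems and troubleshoot high-priority and critical network issues.
The nChronos Server performs 7x24 real-time packet capture and continuously stores packets to hard disk for fast packet and statistics retrieval. With flexible, non-intrusive deployment using standard network mirror ports or link tapping, it supplies the Console with native packets for going back in time and completing retrospective network analysis.
nChronos helps IT professionals with:
Retrospective analysis of historical network traffic
Proactive network monitoring and cost-effective network management
Efficient, precise data capture and indexing
Forensic analysis and reduced security risk
Remote access for distributed LAN/WAN network management
nChronos not only alerts on network attacks but also records all packet data. This capability lets network engineers "rewind" and "replay" actual network activity as it occurred. Companies have cameras to monitor who physically enters their premises after hours; with nChronos, network engineers can now monitor and record data activity in a similar way. The time has come: theft of company assets and intellectual property through data flows and network activity is the greater threat. For a relatively small investment, nChronos provides in-depth analysis of all network activity and deep packet analysis.
nChronos Console
Provides quick access to all distributed nChronos Servers that store packets. It serves as the center of enterprise network management, able to visualize network activity across the whole enterprise and drill down to isolate performance problems and resolve high-priority and critical network issues.
nChronos Server
Performs 7x24 real-time packet capture and continuously stores packets to hard disk for fast packet and statistics retrieval. Through flexible, non-intrusive deployment using standard network mirror ports or link tapping, it supplies the Console with native packets so that analysts can go back in time and complete retrospective network analysis.
System Requirements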
nChronos Standard Technical Specifications
Maximum logical links: 4
Capture interfaces: 8
Analysis performance: Up to 100,000 Mbps
Type of media supported:
10/100/1000/10000 Base-T
10000 Base-SX/LX/ZX
Storage capacity: Depends on hard disk space
Support TAP: Yes
Concurrent connections to server: 2
Note: To have an analysis performance of 100,000 Mbps, professional capture cards are necessary.
System Requirements for nChronos Server
The following table lists the minimum system requirements for nChronos Server.
Operating system: Linux CentOS 7.1/7.4/7.8/7.9
CPU: 10-core, 2.2GHz
RAM: 64GB
Hard disk: At least two disks (physical or logical) with free space of at least 32TB
Network interface: At least 2 network interfaces
Depending on network traffic and analysis performance required, the requirements may be substantially higher.
Factors that contribute to superior performance include a high-speed CPU, RAM, and a high-performance disk storage subsystem; enough hard disk space is also required to store the network packets and data that you want to keep.
System Requirements for nChronos Console
Operating system: Windows 7/8/10/Server 2008/Server 2012
CPU: Dual-core processor (4-core processo...
IPinfo
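IPinfo is an industry-leading IP data provider specializing in IP-to-geolocation, ASN, IP-to-company, VPN detection, IP-to-carrier, IP ranges, and hosted domains data. With IPinfo's IP data, businesses can pinpoint users' locations, customize experiences, prevent fraud, and ensure compliance. All datasets are available through an API or in a variety of downloadable formats. The IPinfo API handles 420 billion API requests per year and has been online since 2013. It is reliable, scalable, simple, and easy to use!
MOBILedit Forensic Express is powerful, advanced software that lets users analyze mobile devices, generate reports, and extract data from phones and cloud services. It is an all-in-one software platform containing all the useful and necessary tools and functions.
MOBILedit is a powerful 64-bit application that uses both physical and logical data acquisition methods. It stands out for its advanced application analyzer, deleted data recovery, live updates, wide range of supported phones (including most feature phones), fine-tuned reports, concurrent phone processing, and easy-to-use user interface. With the password and PIN breaker, you can access locked ADB or iTunes backups at maximum speed through GPU acceleration and multi-threaded operation.
Forensic Express offers maximum functionality at a fraction of the price of other tools. It can be used as the only tool in a lab, or it can enhance other tools through its data compatibility. When integrated with Camera Ballistics, it scientifically analyzes the camera origin of photos.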
Phone extractor with extremely wide range of supported phones
Password breaker with GPU acceleration and multi-threaded operation for maximum speed
iTunes backup analyzer
Android ADB backup analyzer
Applications data analyzer
Photo Recognizer
Deleted data recovery
Cellebrite UFED data analyzer
Cellebrite UFED data generator
Oxygen data analyzer
Report generator
Phone unlocking
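The Omni platform enables network-wide analysis and troubleshooting from a single console, including WAN and wireless networks.
Omnipeek is more than an impressive collection of packet analysis, statistics, and visualizations. With the industry's best network analysis workflow, Omnipeek makes it easy to drill down, view, compare, discover, and ultimately reduce mean time to resolution (MTTR). Omnipeek gives engineers rapid analysis and insight so they can quickly make the best decisions about network speed, application performance, and security.
Key Features
• Packet-flow-based expert analysis system and application analysis
• Interactive node map
• Complete seven-layer protocol decoding
• Application Response Time (ART) analysis
• Security features
• Monitoring and reporting
• RMON distributed analysis
OmniPeek What's New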
Added more file reconstructions from packets
FTP/TFTP
SMB
Updated graphical elements in Omnipeek to reflect new branding
Updated the geolocation database
Made default packet capture file size variable based on the appliance/form factor
Added Export to CSV option to Expert and VoIP views in LiveWire Omnipeek
Removed the product version from the LiveWire Omnipeek login screen
Added support to allow IP subnet filter without single quotes
Added first-time setup that enforces default password change
OmniPeek System Requirements
The system requirements for Omnipeek are:
Windows 11, Windows 10, Windows 8.1 64-bit, Windows 7 64-bit, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 64-bit
NOTE: For Windows 7 and Windows Server 2008 R2, SHA-2 code signing is required to run Omnipeek. Typically, for users that are updated automatically using Microsoft Update, this is installed automatically; otherwise, you will need to install the SHA-2 update manually. See Microsoft KB3033929.
Omnipeek supports most rack mount, desktop and portable computers as long as the basic system requirements to run the supported operating systems are met. Depending on traffic and the particular usage of Omnipeek, the requirements may be substantially higher.
The following system is recommended for Omnipeek:
Intel Core i3 or higher processor
4 GB RAM
40 GB available hard disk space
Factors that contribute towards superior performance include high speed CPU, number of CPUs, amount of RAM, high performance disk storage subsystem (RAID 0), and as much additional hard disk space as is required to save the trace files that you plan to manage. Supported operating systems require users to have Administrator level privileges in order to load and unload device drivers, or to select a network adapter for the program’s use in capturing packets.