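Belkasoft Evidence Center: the best software tool for digital evidence acquisition and analysis, network security, and computer forensics
Lets investigators easily search, analyze, store and share digital evidence found on hard drives or in a computer's volatile memory. Evidence Center helps investigators quickly locate and analyze social network remnants, instant messenger logs, internet browser histories, popular e-mail mailboxes, peer-to-peer data, multiplayer game chat logs, office documents, pictures, videos, encrypted files, mobile phone backups, and system and registry files.
As the spread and widespread use of smartphones has driven the development of mobile digital forensics, Belkasoft Evidence Center can extract data from Windows, Linux, Mac OS X, and the smartphone platforms iOS, Android, Windows Phone and BlackBerry, effectively helping forensic examiners acquire and analyze digital evidence.
What's New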
Belkasoft Evidence Center 2020 v.9.9 (or, in short, BEC) is an all-in-one forensic solution, combining mobile and computer forensics as well as memory, cloud and remote forensics, and incident investigations in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.
Version 9.9 of Belkasoft Evidence Center mostly focuses on two major improvements: correctness of analysis of GrayKey images and zip containers in general, and carving performance. With v.9.9 you can robustly analyze all zip-based data sources. Artifact and file carving is now faster than ever before.
More on new features
Mobile Forensics
checkm8-based acquisition of the full file system supported
GrayKey images analysis massively improved and accelerated
More improvements in iOS acquisition without jailbreak
ADB-based Android device acquisition improved
Agent-based Android device acquisition improved
Android apps supported or updated
Android OneDrive support updated to v. 5.40.4
Android Google Docs supported
Android Google Maps improved
Android Google Translate supported
iOS apps supported or updated
iOS Yahoo Mail app improved
Text extraction improved for iOS Evernote app
Attachments for iOS Evernote now extracted properly
Contacts extracted from Facebook profiles when analyzing iTunes backup
iOS Hangouts messenger supported (including geolocation data extraction)
Computer Forensics
Carving performance is significantly improved
Zip-based data sources analysis is massively improved
Carved data is no longer stored in the database, which also saves a significant amount of space for every case
Virus Total analysis fixed
Analysis of Puffin browser for Windows improved
LNK files analysis improvements continued
LNK carving and analysis of carved LNK files is significantly improved
Reports are improved for LNK artifacts
Folder names are extracted for mailboxes of Mail 163 Windows app
Windows OneDrive app support updated
Issues when creating Key dictionary for password bruteforce are fixed
Hex is now displayed for Jumplists and LNK files
Incorrect filter criteria by 'has embedded files' for Documents fixed
Incident Investigation...
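Colasoft's nChronos is a distributed, retrospective network analysis solution designed for high-performance and critical enterprise networks. It combines the nChronos Console and nChronos Server to provide 7x24-hour continuous packet capture, unlimited data storage, efficient data mining and in-depth traffic analysis. It consists of the nChronos Console and the nChronos Server:
The nChronos Console provides fast access to the packets stored on all distributed nChronos Servers. It serves as the center of enterprise network management, able to visualize network activity across the whole enterprise and drill down to isolate performance problems and troubleshoot high-priority and critical network issues.
The nChronos Server performs 7x24 real-time packet capture and continuously stores to hard disk for fast packet and statistics retrieval. With flexible, non-intrusive deployment using standard network mirror ports or link tapping, it supplies the console with native packets for going back in time and completing retrospective network analysis.
nChronos helps IT professionals with:
Retrospective analysis of historical network traffic
Proactive network monitoring and cost-effective network management
Efficient, precise data capture and indexing
Forensic analysis and reduced security risk
Remote access for distributed LAN/WAN network management
nChronos not only alerts on network attacks but also records all packet data. This capability helps network engineers "rewind" and "replay" actual network activity as it occurred. Companies have cameras to monitor who physically enters their premises after hours; with nChronos, network engineers can now monitor and record data activity in a similar way. Now is the time, as the theft of company assets and intellectual property through data flows and network activity is the greater threat. For a relatively small investment, nChronos provides in-depth analysis of all network activity and deep packet analysis.
nChronos Console
Provides fast access to the packets stored on all distributed nChronos Servers. It serves as the center of enterprise network management, able to visualize network activity across the whole enterprise and drill down to isolate performance problems and resolve high-priority and critical network issues.
nChronos Server
Performs 7x24 real-time packet capture and continuously stores to hard disk for fast packet and statistics retrieval. Through flexible, non-intrusive deployment using standard network mirror ports or link tapping, it supplies the console with native packets for going back in time and completing retrospective network analysis.
System Requirements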
nChronos Standard Technical Specifications
Maximum logical links: 4
Capture interfaces: 8
Analysis performance: Up to 20,000 Mbps
Type of media supported:
10/100/1000/10000 Base-T
10000 Base-SX/LX/ZX
Storage capacity: Depends on hard disk space
Support TAP: Yes
Concurrent connections to server: 2
Note: To have an analysis performance of 20,000 Mbps, professional capture cards are necessary.
System Requirements for nChronos Server
The following table lists the minimum system requirements for nChronos Server.
Operating system: Linux CentOS release 7.1
CPU: 4-core, 1.8GHz
RAM: 16GB
Hard disk: At least one disk with free space of at least 200GB
Network interface: At least 2 network interfaces
Depending on network traffic and analysis performance required, the requirements may be substantially higher.
Factors that contribute to superior performance include a high-speed CPU and RAM and a high-performance disk storage subsystem. Enough hard disk space is also required to store the network packets and data that you want to keep.
System Requirements for nChronos Console
Operating system: Windows 7/8/10
CPU: Dual-core processor (4-core processor recommended)
RAM: 8GB or above
HD space: 100GB (1TB r...
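Lansweeper collects software, hardware and asset-management information about the computers on a Windows network.
It uses few resources and contains no embedded advertising. No client installation is needed; all information gathering relies entirely on WMI filters, file sharing and remote registry access. Lansweeper places no limit on the number of clients; one server can handle 10,000 clients (depending on your server's performance).
Advantages
No client installation required.
No need to trigger or schedule scans at specified intervals.
Scans by ordinary programs take longer.
Collects the information you want.
Supports scanning specified folders or registry key values.
What's New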
ASSET RADAR
Instantly Detect Assets the Moment they Connect to the Network
Lansweeper’s Asset Radar identifies Assets the moment they connect to the network, enabling complete coverage and eliminating blind spots across your IT environment. Gain a deeper understanding of the real-time asset activity on your network and tackle BYOD and Rogue Device challenges.
MIB BROWSER
Unlimited Data on SNMP-enabled Devices
The Lansweeper MIB browser is an indispensable resource to manage SNMP-enabled network devices and applications. Easily walk any MIB tree and determine what MIBs a particular piece of hardware supports. Lansweeper's built-in MIB Browser is shipped with millions of precompiled, unique OIDs from hundreds of standard and vendor MIBs. Or import your own custom SNMP-MIB files through the newly added MIB Importer. Talk about unlimited data at your disposal.
SILENT INSTALL
Increased Scalability for Large & Complex Environments
Lansweeper can now be installed, uninstalled or updated entirely via Command Prompt (CMD). This can be done attended or unattended and is extremely powerful when setting up large environments with multiple scanning servers in an automated way.
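MOBILedit Forensic Express is a powerful, advanced application that lets users analyze mobile devices, generate reports, and extract data from phones and cloud services. It is an all-in-one software platform containing all the useful and essential tools and features.
MOBILedit is a powerful 64-bit application that uses both physical and logical data acquisition methods. It stands out for its advanced application analyzer, deleted data recovery, live updates, wide range of supported phones (including most feature phones), fine-tuned reports, concurrent phone processing, and easy-to-use user interface. With the password and PIN breaker, you can gain access to locked ADB or iTunes backups at maximum speed through GPU acceleration and multi-threaded operation.
Forensic Express offers maximum functionality at a fraction of the price of other tools. It can be used as the only tool in a lab or as an enhancement to other tools through its data compatibility. When integrated with Camera Ballistics, it scientifically analyzes the camera origin of photos.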
Phone extractor with extremely wide range of supported phones
Password breaker with GPU acceleration and multi-threaded operation for maximum speed
iTunes backup analyzer
Android ADB backup analyzer
Applications data analyzer
Photo Recognizer
Deleted data recovery
Cellebrite UFED data analyzer
Cellebrite UFED data generator
Oxygen data analyzer
Report generator
Phone unlocking
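The Omni platform enables network-wide analysis and troubleshooting from a single console, including WANs and wireless networks.
Omnipeek is more than an impressive collection of packet analysis, statistics and visualizations. With the industry's best network analysis workflow, Omnipeek makes it easy to drill down, view, compare, discover and ultimately reduce mean time to resolution (MTTR). Omnipeek gives engineers fast analysis and insight so they can quickly make the best decisions about network speed, application performance and security.
Key Features
• Packet-flow-based expert analysis system and application analysis
• Interactive node map
• Complete seven-layer protocol decoding
• Application response time (ART) analysis
• Security features
• Monitoring and reporting
• RMON distributed analysis
What's New in OmniPeek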
• Added support for 3rd party authentication
Streamlined workflow for 3rd party authentication leads to improved functionality for Access Control Lists (ACL).
• Expert enhancements
Several new Expert events, improved latency calculations, and other enhancements expand on the capabilities of the Expert views in Omnipeek.
• VoIP enhancements
New support for ‘Asserted Identity,’ SCTP, and improvements to performance and in synthesizing DTMF audio tones, add to the power of VoIP analysis in Omnipeek.
• Support for Financial Transaction Card message Interchange protocol (ISO8583)
Important for many industries, including the Banking Industry, added support for the ISO8583 protocol lets you analyze key data more effectively than ever before.
• Support for new Savvius hardware appliances
Leveraging the latest Dell architectures and Intel technologies, Savvius’ new appliances and software push network packet capture-to-disk performance to 20 Gbps in a 2RU system, with up to 128 TB of storage.
• WiFi analysis included with LiveCapture 1100
In addition to analyzing wired packet traffic with Omnipeek, built into the LiveCapture 1100 is the capability to capture tunneled wireless traffic from WLAN controllers, enabling you to monitor, analyze, store, and troubleshoot multi-Gigabit speed 802.11ac traffic.
OmniPeek Enterprise System Requirements
Supported Operating Systems and Browser
Windows 10
Windows 8.1 (64-bit)
Windows 7 (64-bit)
Windows Server 2016
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 R2 (64-bit)
All operating systems require Internet Explorer 9.0 or later
Important Note: The only wireless drivers that include 64-bit support are the Ralink and Atheros drivers. Standard Ethernet 10/100/1000 cards are supported on Windows 64-bit operating systems.
Recommended System
Intel Core i3 or higher Processor, 8G RAM, 40GB available HD Space
Minimum System Requirements
Capture Engine for Omnipeek supports most rack mount, desktop and luggable computers as long as the basic system requirements to run the supported operating systems are met. To analyze 10 Gigabit, Gigabit, or Wireless traffic, a supported Network Analyzer Card or Wireless LAN Adapter is required. Depending on traffic and the particular usage of the capture engine, the...