
Network forensics is the collection, preservation, and analysis of live data traveling over the network wire for relevant evidence. Often, certain types of computer crime, especially those involving theft of intellectual property or leakage of information, cannot be investigated without network forensic tools and methodologies. Our clients hire us to investigate IT crimes and deliver evidence for the resolution of existing or potential crimes. This is just one portion of our investigative work, but it is growing rapidly as the world becomes more wired. More and more cases involve insider abuse of IT resources, industrial espionage, theft of intellectual property, leaked information, and general malicious activity.

Typical computer forensics analyzes individual hard drives for suspicious data stored on the medium. This approach is limited, since evidence of illegal behavior can be purged from drives by professional criminals or even by those with basic computer knowledge and skills. We needed to extend our computer forensics capabilities to examine live information passing through our clients’ networks. If we can capture suspicious network communications, we can answer questions such as:

  • What documents and data are suspects reading?
  • Are they going into areas where they don’t belong?
  • What servers are being accessed?
  • Are they sending sensitive information outside of company firewalls using personal or anonymous email accounts, or uploading files to cloud-based file storage sites such as Carbonite?
  • What web sites are being accessed?
  • What type of content is being downloaded into our network?

Network forensic analysis tools passively collect and analyze network packet data so our investigators can effectively detect and investigate illicit activity. Network forensics is one of the most important tools we use, since in many instances traditional IT forensics is simply not sufficient. Deploying network forensics tools is much like running a video surveillance camera nonstop on the client network, recording all traffic in and out. Because of their relatively high cost, even the most sophisticated big-name vendors do not own such tools.

AccessData SilentRunner Sentinel

Developed by AccessData, SilentRunner Sentinel operates as a network surveillance camera. It allows us to monitor, capture, analyze, and graphically visualize network traffic to see exactly what is happening on a network during an audit or cyber investigation. Watching network communications from a high level uncovers patterns and communication paths that let us zero in on suspicious activity such as policy violations, internal collusion, bandwidth overuse, and questionable inbound or outbound connections. Additionally, the visibility gained by using SilentRunner Sentinel enables us to clearly determine the scope and scale of a security breach, as well as proactively identify weaknesses in security configurations.

NetReplay

NetReplay, exclusive to Cyber Diligence, is the world's first enterprise-class Network Content Recorder: a solution that monitors, captures, and text-indexes all user communications, including email, web mail, IM, blogs, and VoIP, in real time. NetReplay offers a unified approach in which all types of digital communication are monitored and stored in a single system. NetReplay handles previously unmanageable volumes of data, allows user communication to be replayed as the user saw it, and allows suspect content to be visually tracked and traced. Its customers are in highly regulated industries and governments, where NetReplay aids in risk mitigation and compliance with regulations on the recording of communication and eDiscovery.

eTrust Network Forensics

eTrust™ Network Forensics from Computer Associates International, Inc. (CA) is a revolutionary threat-management solution that employs a methodology known as network security analysis, designed to help enterprises investigate nodal communication patterns and dependencies. eTrust Network Forensics captures raw network data and uses advanced forensic analysis to identify how business assets are affected by network exploits, internal data theft, and security or HR policy violations. Its patented technology allows IT and security staff to visualize network activity, uncover anomalous traffic, and investigate breaches with a single, convenient solution.

Wireshark

Wireshark is a network protocol analyzer and is the standard in many industries. It captures packets in real time and displays them in an easily readable format. Wireshark includes filters, color coding, and other features that allow us to dig deeper into network traffic and inspect individual packets. The program can read and write many different capture file formats, such as tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, NAI Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Network Instruments Observer, Novell LANalyzer, RADCOM WAN or LAN Analyzer, Shomiti or Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, and WildPackets EtherPeek, TokenPeek, or AiroPeek.
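As an added example (not code from this page or from any of the vendors named), the following Python reads the libpcap (tcpdump) capture format listed above and answers two of the investigative questions posed earlier: which servers each host is reaching, and which connections leave the monitored address space. The internal range and the sample flows are constructed for the demonstration.

```python
import ipaddress
import struct
from collections import Counter

# Constructed sample values: the client's monitored /8 and a few client-to-server flows.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SAMPLE_FLOWS = [("10.0.0.5", "10.0.0.20", 445), ("10.0.0.5", "10.0.0.20", 445),
                ("10.0.0.5", "203.0.113.9", 443), ("10.0.0.7", "10.0.0.21", 3389)]

def build_pcap(flows):
    """Build a libpcap (tcpdump) capture of Ethernet/IPv4/TCP SYN frames, one per flow."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # linktype 1 = Ethernet
    for i, (src, dst, dport) in enumerate(flows):
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, i, 0, 64, 6, 0, ip(src), ip(dst))
        tcp_hdr = struct.pack("!HHIIBBHHH", 50000 + i, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        frame = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip_hdr + tcp_hdr
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame  # record header
    return bytes(out)

SAMPLE_CAPTURE = build_pcap(SAMPLE_FLOWS)  # constructed capture, stands in for a real wire recording

def parse_pcap(data):
    """Yield (ts_sec, src_ip, dst_ip, dst_port) for every IPv4/TCP frame in a libpcap capture."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]  # KeyError means this is not libpcap
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        frame = bytes(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue  # not TCP, or truncated before the port fields
        src, dst = (str(ipaddress.IPv4Address(frame[o:o + 4])) for o in (26, 30))
        _sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield ts_sec, src, dst, dport

def servers_accessed(data):
    """Who talked to which server/port, and how often: 'what servers are being accessed?'."""
    return Counter((src, dst, dport) for _, src, dst, dport in parse_pcap(data))

def external_destinations(data):
    """Flows leaving the monitored address space: candidate data leaving the company network."""
    return sorted({(s, d, p) for _, s, d, p in parse_pcap(data)
                   if not any(ipaddress.ip_address(d) in net for net in INTERNAL_NETS)})
```

On a real capture the same functions work unchanged on the file's bytes; the 16-byte record header is read in the byte order announced by the magic number, so captures written on either endianness parse correctly.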