E-DETECTIVE - Decision Japan

E-Detective
Ethernet LAN Interception System (with Real-Time Content Reconstruction) - 2010
Decision Group
www.edecision4u.com
Introduction to E-Detective
LAN Internet Monitoring, Data Retention, Data Leakage Protection & Network Forensics Analysis Solution
Solution for:
• Organization Internet Monitoring/Network Behavior Recording
• Auditing and Record Keeping for Banking and Finance Industry
• Forensics Analysis and Investigation, Legal and Lawful Interception (LI)
• Mediation Platform & Tactic Server for Telco Operator
• Compliance Solution for: Sarbanes Oxley Act (SOX), HIPAA, GLBA, SEC etc.
E-Detective Standard System Models and Series (Appliance based)
Users can also opt to purchase a software license only and run it on their own hardware/server.
Models: FX-06, FX-30N, FX-100, FX-120
E-Detective System Architecture
[Architecture diagram] Traffic is fed to E-Detective using port mirroring or a SPAN port. Processing stages: Capture Packets -> Reassemble & Decode -> Reconstruct back to actual content (Email, Webmail, IM/Chat, HTTP, File Transfer, Telnet) -> Display Reports / Store, Save, Archive.
E-Detective – Mirror Mode Implementation (Organization or Corporate Network Deployment)
E-Detective – Bridge Mode Implementation
E-Detective Lawful Interception Solutions
Telco/ISP Lawful Interception
Data & Network Protection in Company
[Deployment diagram] Branch Offices connect to the Internet and to the Data Center of HQ through VPN edge routers over T1/E1 links, each branch with its own E-Detective. In the Data Center of HQ, traffic passes the Firewall (Edge Router) and a Core Switch (10G backbone, 1G links) to N x E-Detective systems for online real-time reconstruction on targeted users or IPs in different departments or subnets. A Central Management System (CMS) aggregates the N systems for centralized management accessible by the CISO (Bank IT Security Officers). NAS/SAN storage provides long-period data retention.
Compliance with:
1. Basel II – risk management
2. Sarbanes-Oxley – insider transaction prevention & anticorruption
3. GLBA – customer information protection
Collocate Services for ISPs
[Deployment diagram] Customer Offices (Clients) reach the Data Center of ISP over T1/E1, FTTX or xDSL links through VPN edge routers (Private VPN). Inside the Data Center of ISP, traffic passes the Firewall (Edge Router) and a Private VPN Gateway to e-BMS or e-TCS, backed by a Server Farm & NAS/SAN storage for long period data retention.
Cloud Computing Model: ISP provides private VPN service, collocate services with e-Behavior and e-Total Control Management, and server farm & data storage service for customers.
E-Detective Sample Screenshots - Reports
Homepage – Top-Down Drill to Details Reporting
E-Detective Internet Protocols Supported
• Email
• Webmail
• IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk, others etc.)
• Online Games
• Telnet etc.
• HTTP (Link, Content, Reconstruct, Upload, Download)
• File Transfer (FTP, P2P)
Sample: Email (POP3, SMTP and IMAP)
Sample: Webmail – Yahoo Mail, Gmail, Hotmail etc…
Webmail Type: Yahoo Mail, Gmail, Windows Live Hotmail, Giga Mail and others
Sample: IM -Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…
Sample: File Transfer – FTP Upload/Download
Sample: File Transfer – P2P File Sharing
Supports P2P such as BitTorrent, eMule/eDonkey, FastTrack, Gnutella
Sample: HTTP (Web Link, Content and Reconstruction)
Whois function provides you the actual IP address of the URL link.
HTTP web page content can be reconstructed.
Sample: HTTP Upload/Download
Sample: HTTP Video Streaming (FLV Format)
Playback of video file
Video stream (FLV format): YouTube, Google Video, Metacafe.
Sample: Telnet Session (with Play Back)
Sample: VoIP Calls (with Play Back)
Play back of reconstructed VoIP audio file using Media Player
Supports RTP codecs such as G.711 a-law, G.711 µ-law, G.726, G.729, iLBC
Sample: Unknown or Non-Reconstructable
Admin: System Access Authority Assignment
Authority – Visibility and Operation in Group (with User defined): authority groups with users, each group carrying a Visibility authority and an Operation authority.
Export & Backup – Auto (by FTP) and Manual
Auto (with FTP) backup; manual backup: download ISO or burn to CD/DVD.
Reserved raw data files and backup of reconstructed data come with a hashed export function.
Alert and Notification – Alert with Content
Alerts are configured from different service categories with different parameters such as keyword, account, IP etc. Alerts can be sent to the Administrator by Email, or by SMS if an SMS Gateway is available. A throughput alert function is also available!
Search – Free Text, Condition, Association
Complete Search – Free Text Search, Conditional Search, Similar Search and Association Search
File Checksum (Hash) – Check File Content Integrity
Shows the file list; the user can import files to check and compare against the files that have been captured by the system.
Compares file content integrity rather than file names: an abuser might have changed the file name and sent the file out to a competitor.
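The two hash features above (the hashed export for reserved raw data and reconstructed backups, and the file checksum comparison) share one idea: identify content by its digest, not by its name. The following is an added illustration in Python, not code from E-Detective or Decision Group; the watch-list files, the captured transfers and the `SENSITIVE_FILES` / `CAPTURED_TRANSFERS` names are constructed for the example. It matches captured transfers against imported files by content hash so a renamed copy is still found, and builds a hashed manifest over an export so later tampering with an evidence set is detectable.

```python
import hashlib
import json
from typing import Dict, List, Tuple

def sha256_hex(data: bytes) -> str:
    """Content digest used for both the watch-list and the export manifest."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample: files the security officer imports for comparison
# (in a real deployment these would be the organisation's own documents).
SENSITIVE_FILES: Dict[str, bytes] = {
    "customer_list_q3.xlsx": b"PK\x03\x04 constructed spreadsheet bytes: ACME customer list",
    "merger_plan.docx": b"PK\x03\x04 constructed document bytes: project falcon",
}

# Constructed sample of reconstructed transfers (FTP upload, email attachment,
# HTTP upload) as (account, destination, file name, content).
# The first keeps the spreadsheet content but carries a harmless-looking name;
# the third is an edited copy, so its digest no longer matches.
CAPTURED_TRANSFERS: List[Tuple[str, str, str, bytes]] = [
    ("jdoe", "ftp.competitor.example", "holiday_photos.zip",
     b"PK\x03\x04 constructed spreadsheet bytes: ACME customer list"),
    ("jdoe", "mail.example.net", "notes.txt", b"lunch at 12"),
    ("asmith", "drive.example.org", "merger_plan.docx",
     b"PK\x03\x04 constructed document bytes: project falcon (edited)"),
]

def build_watchlist(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map content digest -> original file name, so matching ignores the name."""
    return {sha256_hex(content): name for name, content in files.items()}

def match_captured(captured: List[Tuple[str, str, str, bytes]],
                   watchlist: Dict[str, str]) -> List[Dict[str, object]]:
    """Return every captured transfer whose content digest is on the watch-list."""
    hits = []
    for account, destination, filename, content in captured:
        digest = sha256_hex(content)
        if digest in watchlist:
            hits.append({
                "account": account,
                "destination": destination,
                "sent_as": filename,
                "matches": watchlist[digest],
                "renamed": filename != watchlist[digest],
                "sha256": digest,
            })
    return hits

def export_manifest(captured: List[Tuple[str, str, str, bytes]]) -> Dict[str, object]:
    """Digest each reconstructed file, then digest the manifest itself, so an
    exported evidence set can be re-checked later (the 'hashed export')."""
    entries = {f"{account}/{destination}/{filename}": sha256_hex(content)
               for account, destination, filename, content in captured}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"files": entries, "manifest_sha256": sha256_hex(body)}

def verify_export(manifest: Dict[str, object],
                  captured: List[Tuple[str, str, str, bytes]]) -> bool:
    """Recompute digests from the exported files and compare with the manifest."""
    recomputed = export_manifest(captured)
    if recomputed["manifest_sha256"] != manifest["manifest_sha256"]:
        return False
    return recomputed["files"] == manifest["files"]

if __name__ == "__main__":
    for hit in match_captured(CAPTURED_TRANSFERS, build_watchlist(SENSITIVE_FILES)):
        print(f"{hit['account']} sent {hit['matches']} to {hit['destination']} "
              f"as {hit['sent_as']} (renamed={hit['renamed']})")
    manifest = export_manifest(CAPTURED_TRANSFERS)
    print("export verifies:", verify_export(manifest, CAPTURED_TRANSFERS))
```

The edited `merger_plan.docx` shows the limit of exact-hash comparison: any change to the content, even a single added word, produces a different digest, so this check finds verbatim copies only. The manifest digest is computed over a canonical (sorted-key) JSON encoding so that two exports of the same files always produce the same value.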
Bookmark (for Review Next Time)
Bookmark items and allow the review of the items.
Bookmark items can also be exported.
Reporting – Network Service Usage - Daily
Drill Down Reporting Capabilities
Reporting – Network Service Usage - Weekly
Drill Down Reporting Capabilities
Reporting – Top Websites Viewed (Users)
Reporting – Online IP – Account Lists
Reporting – Daily Excel Log Report
Manually or automatically generate a daily log report in Excel file format.
High Availability
• 2 ways of high availability configuration based on customer requirement
• Single and simple cluster configuration for small and mid-size network structure
• Multiple and complex cluster configuration for large or ISP network structure with real-time performance
• Site survey and customer requirement in advance
High Availability Option 1
Single and Simple Cluster Configuration
Under a mid-size network structure, E-Detective in cluster configuration can ensure the high availability requirement.
[Cluster diagram] Network Backbone (Mirror or Bridge Connection) -> Data Reconstruction Server Cluster (Active and Stand-by servers joined by a Heartbeat Line, connected to the network with a single IP) -> Fiber Channel Switches with Dual-Loop Fiber Channel Connection -> SAN Storages.
• No Single Point of Failure!
• Redundancy Design in Server
High Availability Option 2
Multiple and Complex Cluster Configuration
Under a large network structure, E-Detective can be implemented as sniffer probes and a data reconstruction server cluster to ensure real-time performance and high availability.
[Cluster diagram] Network Loop 1 and Network Loop 2 (Mirror or Bridge Connection) -> Network Sniffer Probe Group -> Data Reconstruction Server Cluster (Active and Stand-by servers with redundancy design, joined by a Heartbeat Line, connected to the network with a single IP) -> Fiber Channel Switches with Dual-Loop Fiber Channel Connection -> SAN Storages.
References – Implementation Sites and Customers
• Criminal Investigation Bureau
• The Bureau of Investigation, Ministry of Justice
• National Security Agency (Bureau) in various countries
• Intelligence Agency in various countries
• Ministry of Defense in various countries
• Counter/Anti Terrorism Department
• National Police, Royal Police in various countries
• Government Ministries in various countries
• Federal Investigation Bureau in various countries
• Telco/Internet Service Provider in various countries
• Banking and Finance organizations in various countries
• Others
Notes: Due to the confidentiality of this information, the exact names and countries of the various organizations cannot be revealed.
E-Detective Online Demo https://60.251.127.208 (root/000000)
Decision Group
www.edecision4u.com