Network Analysis: The Future is Now, and it’s FREE

November 17, 2008 by PatB | 2 comments

Anyone in the cyber field who has been involved in a network investigation to determine the source and scope of a compromise knows that the process is time-intensive.  Traditionally, such investigations require log files from various sources:  routers, firewalls, intrusion detection systems, and perhaps packet captures from a sniffer if you have one.  Reconstructing the sessions requires matching up the timestamps across those sources, whiteboarding the data flows, and preserving the logs as evidence in case law enforcement becomes involved.  Only the truly skilled can determine exactly what was stolen from the network.
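
To make the "matching up the timestamps" step concrete, here is an added example (not code from the original post or from Netwitness) that correlates constructed router, firewall and IDS log lines into a single UTC timeline for one suspect host. The log lines, device names, IP addresses and the assumption that the router's clock runs in UTC-5 without a year in its syslog lines are all constructed for illustration; the point is that every source is normalised to UTC before sorting, because mixed time zones are the usual reason hand-built timelines come out wrong.

```python
"""Correlate router, firewall and IDS log lines into one UTC timeline.

Added example: the log lines below are constructed, not real device output,
and the time zone assigned to the router is an assumption.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Optional


class Event(NamedTuple):
    ts: datetime      # normalised to UTC so events from different devices sort correctly
    source: str       # device that produced the line
    src_ip: str
    dst_ip: str
    detail: str


# Constructed sample logs. Each source uses a different timestamp format, and the
# router clock is assumed to run in local time (UTC-5) with no year in the line.
ROUTER_LOGS = [
    "Mar 14 02:13:07 edge-rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(44123) -> 192.0.2.10(22), 1 packet",
    "Mar 14 02:13:09 edge-rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(44124) -> 192.0.2.10(445), 1 packet",
]
FIREWALL_LOGS = [
    "2008-03-14T02:13:08-05:00 fw01 action=allow src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp",
    "2008-03-14T02:15:41-05:00 fw01 action=allow src=192.0.2.10 dst=198.51.100.9 dport=443 proto=tcp bytes=5120000",
]
IDS_LOGS = [
    "1205478788 alert ET SCAN Potential SSH Scan src=203.0.113.7 dst=192.0.2.10",
]

ROUTER_TZ = timezone(timedelta(hours=-5))   # assumption: router clock set to UTC-5
ROUTER_YEAR = 2008                          # assumption: syslog lines carry no year

ROUTER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> (?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_router(line: str) -> Optional[Event]:
    """Syslog-style line: local time, no year, no offset. Both are supplied from the assumptions above."""
    m = ROUTER_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ROUTER_YEAR, tzinfo=ROUTER_TZ)
    return Event(local.astimezone(timezone.utc), m["host"], m["src"], m["dst"], f"acl permit dport={m['dport']}")


def parse_firewall(line: str) -> Optional[Event]:
    """ISO 8601 timestamp with an explicit offset, followed by key=value fields."""
    ts, host, rest = line.split(" ", 2)
    kv = dict(KV_RE.findall(rest))
    if "src" not in kv or "dst" not in kv:
        return None
    return Event(datetime.fromisoformat(ts).astimezone(timezone.utc), host, kv["src"], kv["dst"], rest)


def parse_ids(line: str) -> Optional[Event]:
    """Epoch-seconds timestamp (already UTC) followed by the alert text and key=value fields."""
    ts, _, rest = line.partition(" alert ")
    kv = dict(KV_RE.findall(rest))
    if not ts.isdigit() or "src" not in kv or "dst" not in kv:
        return None
    return Event(datetime.fromtimestamp(int(ts), tz=timezone.utc), "ids", kv["src"], kv["dst"], rest)


PARSERS = {"router": parse_router, "firewall": parse_firewall, "ids": parse_ids}


def build_timeline(logs: Dict[str, List[str]]) -> List[Event]:
    """Parse every line with its source's parser and return one chronologically sorted list."""
    events = [ev for src, lines in logs.items() for ev in map(PARSERS[src], lines) if ev]
    return sorted(events, key=lambda e: e.ts)


def involving(events: List[Event], ip: str) -> List[Event]:
    """Every event in which the given address appears as source or destination."""
    return [e for e in events if ip in (e.src_ip, e.dst_ip)]


def dwell_time(events: List[Event], attacker: str, victim: str) -> timedelta:
    """Time from the attacker's first contact with the victim to the victim's last outbound event."""
    first = min(e.ts for e in events if e.src_ip == attacker and e.dst_ip == victim)
    last = max(e.ts for e in events if e.src_ip == victim)
    return last - first


if __name__ == "__main__":
    timeline = build_timeline({"router": ROUTER_LOGS, "firewall": FIREWALL_LOGS, "ids": IDS_LOGS})
    for e in involving(timeline, "192.0.2.10"):
        print(e.ts.isoformat(), e.source, e.src_ip, "->", e.dst_ip, e.detail)
    print("dwell:", dwell_time(timeline, "203.0.113.7", "192.0.2.10"))
```

Run as-is, the script lists the five events in true chronological order (the router's 02:13 local entries land at 07:13 UTC, alongside the firewall and IDS records of the same SSH contact) and reports a dwell time of 2 minutes 34 seconds between first contact and the large outbound transfer. Extending it to a real case means adding one parser per log source and, for each device, establishing its clock offset from a reference such as NTP or a known event before trusting the ordering.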

But along comes former US Cyber Czar Amit Yoran with his company's flagship product, Netwitness Investigator.  This tool can reconstruct a network compromise on the fly, and it does so without the need to read hexadecimal dumps or have a protocol analyzer handy.  All sessions are reconstructed so the analyst can see exactly what the attackers did:  web browsing sessions are rebuilt, emails and their attachments are reconstructed, VoIP calls are reassembled in an easy-to-listen player, and you can even map out the complete attack using Google Earth!

If you have ever watched 24 and scoffed at the ability of the CTU cyber team to instantly analyze the sources of internet attacks or communications, scoff no more:  Netwitness' Investigator would make those tasks possible.  The software, developed as a project for the CIA, is already in use at many government and national law enforcement agencies.

And the tool is now completely free.  You can download it here.  Richard Stiennon of Network World and Threat Chaos said of Investigator here:

This is the first software I have ever installed that comes with links to a YouTube channel for easy-to-follow training on how to use the product.  There is a registration process but it goes quickly.  Amit assured me that this is not in any way a watered-down version of their product.  The free version has all of the functionality of the commercial Investigator.  It does have a limit set on the size of a session that can be recorded of 1 gig.  That should be more than enough for most investigations.

This tool represents a giant leap forward for cyber professionals.  It consolidates many tools that have been around for a decade into an easy-to-use package for network forensics, and it should be an invaluable weapon in the fight against black-hat hackers, identity thieves, and phishers too.


2 Responses to “Network Analysis: The Future is Now, and it’s FREE”

  1. Binary Assassin says:

    No F***** WAY!!!
    This is just too good to be true.
    I am checking this out TODAY!!

  2. Jim Gaudet says:

    Better than Wireshark. I hope so. But coming from the CIA, I worry about what is happening to my system. I will test in a secure environment!!!!
