Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.
Tracing in an enterprise environment presents particular challenges. Let's say we want to see everything going in an out of an application server. We can get a monitor session configured, hook up a laptop with dumpcap, start the capture and hey presto, you've got 500 GB of data to analyze.
How can we find the problem in all that trace data?
Win-UFO uses many tools that are free for download by anyone on the internet. The key to Win-UFO is the reporting we created on the front end for the rest of us.
Win-UFO logs the actions taken by the user in a html report file. It is important to track the actions you take on a live system so as to show later in court that you did not add or take away from the evidence in question.
What was done is all these tools that are spread out over the internet, were brought together and made simple to use to collect data and log each step for you.
A series of videos will be released on Win-UFO for your review. You can check out some other great links over at caseymullis.com. Thank you for stopping by LoveMyTool and we look forward to hearing back from you.
How many are too many tools in a computer forensic examiner’s toolbox? I say “More the better!” In today’s technological world, one can never have too many tools. In most cases examiners do not have enough tools or better yet the right tool for the job. They find a way to try and make do because of budgetary issues or administration decisions.
Over the past few days, Wireshark instructors, users, developers, and varied supporters gathered at the Clark Kerr Campus of UC Berkeley for another successful conference. Attendees were able to glean tips, tricks, and use cases from some of the most experienced Wireshark users in the world, learning new ways to solve network and application problems with the industry's most popular protocol analyzer. Over 15 countries were represented, with attendees selecting from 48 instructional sessions, several hands on labs, three keynote addresses, and some great social events. A bootcamp session to prepare attendees for the Wireshark Certified Network Analyst exam followed on the heels of the conference, delivered by none other than Laura Chappell.
Here on LoveMyTool, we will be featuring several of these sessions and sharing some of the not-to-be-missed content that was exclusive to Sharkfest. We invite you to watch, comment, and share your thoughts as the sessions and Keynotes are posted.
These sessions will include:
Keynote - The History of Wireshark (Gerald Combs)
Keynote - Ethernet Review (Rich Seifert)
Deep Dive Packet Analysis (Hansang Bae)
Inside the TCP Handshake (Betty Debois)
Ask the Experts Session (Chris Bidwell)
Stay tuned, these sessions and more will be posted over the next few weeks here on LoveMyTool.
Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors. He can be contacted at chris (at) packetpioneer (dot) com.
Just another small tool, only 85KB, with great potential. HashCheck provides an easy way to check, which files are changed or deleted. This tool might help you, when you want to monitor folders, for instance the Program Files folder. This can be very handy, when you install/uninstall programs. It can be very handy to see, which files are changed or removed.