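EnCase is a very well-known software package in the digital forensics field, produced by Guidance Software. The company was founded in 1997, and most members of its development team have a background as digital forensics practitioners (experts). EnCase supports a wide range of operating systems and file systems and is a professional computer forensics package widely adopted internationally.
Features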
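Forensics report (generate forensic reports)
Image gallery (quick browsing of image files)
View Registry (inspect the registry)
CDFS support (supports the CDFS format)
Password recovery (password cracking; an optional PLSP module)
Keyword search (search by keyword)
E-mail search (search e-mail)
NTFS support (supports the NTFS format)
FAT 16/32 support (supports the FAT16/32 formats)
EXT2/3 support (supports the EXT2/3 formats)
File Recovery (recover deleted files)
Validate Image (verify image files)
Duplicate (create image files of digital evidence)
Wipe Disk (wipe disk records)
Web History/Cookie/Cache/URLtyped (view web browsing records)
Text indexing (build file indexes)
EnCase 64-bit support
DBX/PST/EDB/NSF (e-mail viewing and search)
Document search in Traditional/Simplified Chinese and many other languages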
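What's New
EnCase Forensic 8.07: Beyond Performance
Building on the performance enhancements of 8.06, our latest release of EnCase Forensic introduces new customer-driven enhancements that take digital investigations to the next level. Updated encryption support, Apple File System support and volume shadow copy capabilities are just some of the new enhancements designed to help you collect and analyze the evidence you need efficiently and accurately, with the best user experience.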
macOS APFS Support
EnCase Forensic now supports APFS, the file system used in the Apple High Sierra operating system
(macOS 10.13).
The following APFS features are not yet supported in this release: snapshots, crash protection,
checkpoints, fast directory sizing, and encryption support.
Support for Symantec PGP Version 10.3
EnCase Forensic now supports Symantec PGP Version 10.3.
Support for Dell Data Protection 8.17
EnCase Forensic now supports Dell Data Protection Version 8.17.
Support for Microsoft BitLocker XTS-AES
EnCase Forensic now supports decryption of the Microsoft BitLocker XTS-AES encryption algorithm.
Auto Refresh Added to Enhanced Agent Monitor Tab
The Enhanced Agent Monitor tab in EnCase Forensic now has auto refresh functionality and will
refresh jobs every five minutes by default. You can manually refresh from the title bar using the
Refresh button, or you can change settings by clicking the Auto Refresh button in the Enhanced Agent
Monitor tab title bar and making changes in the dialog box that displays.
Add Word Delimiters to Search Index
You can now add word delimiters to your search index in addition to the default delimiters used with
each language analyzer. Word delimiters are used to identify breaks between words in indexed data.
Each Language analyzer has one or more standard delimiters it uses by default. There is no need to
enter a delimiter if the language you are indexing uses that delimiter by default.
The indexing engine in EnCase Forensic uses the following delimiters for all analyzers by default. There
is no need to add a delimiter if it is in this list.
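Benefits and Features of the Cloudflare Enterprise Plan
The State of the Web
In today's world, your website is the lifeblood of your business. Yet maintaining and operating a website is more complex than ever. The web's great openness is also its weakness: attackers can find weaknesses across multiple network communication layers and in a variety of protocols. Sacrificing performance to block every possible attack surface is not a good idea. You therefore need a simple, economical solution that works across computers, mobile devices and networks.
Cloudflare lets you protect your website, and improve its speed and availability, with a simple DNS change. Cloudflare has rethought the entire technology stack across the network, hardware and software layers, and has built a reverse proxy service on a highly available global network. By delivering this capability as a cloud service, Cloudflare helps you save time, money and effort. Cloudflare keeps innovating, and the new web experiences it brings will continue to benefit you, making your site safer and more pleasant for visitors to use.
At a Glance
More than 2.5 billion unique IPs
5.5 million websites and growing
A global network handling billions of page view requests every day
A broad customer base, including major consumer websites, government agencies and enterprises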
Flat Bandwidth Pricing
With Cloudflare’s content delivery network, you’ll never be charged for bandwidth. This means predictable monthly bills, regardless of the amount of traffic served from our edge.
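LanScope Cat: IT Asset Management and Data Loss Prevention Software
Developed by MOTEX Inc. of Japan, LanScope Cat is a powerful software package whose main functions are Asset Management, Operations Log Management, Web Access Management, and Device Control.
The software provides integrated management of IT assets and automatically collects important information from IT equipment. Its main functions include operations log management, web access management, device control, e-mail management and application ID monitoring, along with distinctive features such as server access log management, file server capacity management, and domain logon/logoff management. It protects against known and unknown malware and provides countermeasures against internal data leakage, effectively addressing information security problems.
The software detects malware and traces its entry route so that it can be isolated. Some new strains of malware that traditional antivirus measures cannot fully prevent continue to grow, and in some cases an infection goes unnoticed. This is a challenge: even when an infection is known, it can take a long time to determine the cause. LanScope Cat combines powerful IT network management and data loss prevention tools, providing enterprises with the best solution for antivirus protection and for preventing data leakage and loss.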
The actual causes of information leaks are mostly employees or contractors who bring out data in e-mail or recording media or copies of paper materials. As described above, companies suffer great damage due to information leaks. These costs are not only in the form of apologizing to victims and investigation costs, but in the loss of trust in the company and brand image. The effect on a company of just one information leak is immeasurable. And 80% of them are caused from the inside.
Manage IT assets
Monitor asset performance
We automatically collect information to ascertain usage status of IT assets, including PCs and software, and create an environment to render the best performance by setting up the right resources in the right places.
Employee monitoring
Productivity management
By recording computer usage, we can suppress illicit and non-business use. Also, we learn about and analyze usage of IT assets and work status, creating improved operational efficiency and productivity.
USB control, app control
Control of data removal
By visualizing data usage and controlling routes through which information can leak (Web, devices, apps, PCs), we protect personal information and your company's secret information.
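(Magnet Axiom Complete, formerly INTERNET EVIDENCE FINDER)
Magnet Axiom Complete is a powerful tool for acquiring, recovering and analyzing traces of Internet communications. It is known for its ease of use, simplicity and comprehensiveness. It helps government law enforcement, military/intelligence personnel, customs/border inspection personnel and corporate security staff conduct digital forensic investigations of Windows and Mac computers and of Android and iOS mobile devices. See the fields below for a detailed introduction!
Benefits of IEF for Business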
The ability to recover digital evidence is becoming business-critical. Magnet Axiom Complete is the secret weapon every organization should have in its forensic toolkit.
IEF can search a hard drive, live RAM, or files for Internet-related data. The software is designed with digital forensics examiners/investigators in mind. IEF is also used by IT security professionals, litigation support personnel, incident response teams, cyber security specialists and corporate investigators.
IEF can recover data from social networking communications, instant messenger chat histories, popular webmail applications, web browsing history, and peer-to-peer sites and other online communications.
Benefits of IEF for Forensic Examiners
INTERNET EVIDENCE FINDER™ (IEF) searches in more places, recovering more data. It's easy to use, and the reporting is flexible.
IEF is forensic software that recovers Internet-related data from a hard drive, live RAM, or files. Because of the advantages it offers over other solutions on the market, IEF is the only choice for many of the world’s top law enforcement agencies.
IEF was designed with digital forensics examiners/investigators in mind, and recovers more digital evidence than any other solution on the market.
Benefits of IEF for Military and Government
In military and government investigations, digital evidence can be a question of national security, and even life or death.
INTERNET EVIDENCE FINDER™ (IEF) is forensic software that searches a hard drive, live RAM, or files for Internet-related data. IEF was designed with digital forensics examiners / investigators in mind. IEF is also used by IT security professionals, litigation support personnel, incident response teams, cyber security specialists and corporate investigators.
IEF recovers content from social networking pages, instant messenger chat histories, popular webmail applications, web browsing history, and peer-to-peer sites and other online communications.
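Traffic Inspector is a multi-function, comprehensive network monitoring solution from Smart-Soft. It offers network security, network access control and detailed traffic analysis, with a built-in security firewall to guard against network threats. You can define your own network access rules, block unwanted Internet connections, run antivirus scanning on web and e-mail traffic, and filter spam at the SMTP gateway. It also supports bandwidth limits and traffic prioritization, rich logs and reports, failover across multiple ISP connections, powerful routing features, and more.
Traffic Inspector gives you a wealth of the tools needed to protect your network. As a standalone product, Traffic Inspector is the solution that everyone with network security and access control needs has dreamed of!
Product Highlights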
Traffic Inspector is a comprehensive and reliable gateway solution for network security and access control that is perfect for small and medium-sized businesses.
Network Security
Traffic Inspector deploys a multi-level network security system.
TI firewall provides protection against external network attacks and the Flood Mitigation system blocks users generating excessive network traffic on your internal networks.
Integrated SMTP Gateway is designed to serve as a front-end to a corporate mail server and filters out spam and unwanted email.
Kaspersky Gate Antivirus plugin inspects web and email traffic and blocks malware from entering your network.
Web Access Control
Traffic Inspector can be used to create effective network access policies for your users and block unwanted sites and web content. Content filtering, regexp-based URL filtering and URL categorization are supported.
Web-access related plugins include WOT plugin and Phishing Blocker. WOT Plugin assists in blocking unsafe web sites by querying Web of Trust reputation service and Phishing Blocker plugin protects against phishing web sites by querying Google Safe Browsing service.
Advanced Routing
Traffic Inspector provides secure and managed Internet access for your home or office network via single or multiple internet connections (dial-up, ISDN, DSL, cable, Wi-Fi).
Users are able to access the Internet via NAT or integrated HTTP/SOCKS proxy.
The Connection Failover feature prevents downtime and connection loss by ensuring that Traffic Inspector fails over to a backup connection if the primary connection becomes unavailable.
Advanced Routing feature allows traffic routing decisions to be based on various matching criteria rather than just the IP address of the destination host.
User Management
Traffic Inspector is an identity-based gateway solution. Users are forced to authenticate with the gateway before being granted network access.
Various authentication options are available: BASIC / NTLM authentication, IP/MAC/VLAN ID-based authentication and TI agent-based authentication.
Automatic Import allows importing users from Active Directory.
Logon hours, authentication methods, web access policies, bandwidth limits, billing plans, etc. are conveniently configured on a per-user or per-group basis.
Billing System
Users can be billed for provided services and consumed traffic. A s...
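Product Overview
5nine Manager 4.0 NEW for Hyper-V
The first agentless security solution for Hyper-V
5Nine is the first agentless security solution for Hyper-V. Its products provide firewall, antivirus, protection against malicious access, and intrusion prevention for Hyper-V virtual networks through the Windows 2012 Hyper-V Extensible Switch.
The built-in security and compliance scanner helps you examine current and potential security issues on your servers. It also runs an active anti-malware scan on the server throughout the scanning process. Once the scan completes, the security and compliance scanner provides a detailed report on each security issue identified.
5Nine has developed a localized graphical management tool. With 5Nine Hyper-V Manager you can create virtual machines, virtual networks and more. In fact, 5Nine Hyper-V Manager supports all features of Microsoft Hyper-V Server 2008 R2 SP1, including RemoteFX and Dynamic Memory.
5nine Manager for Hyper-V performs randomized scans by using workload and trend analysis of the virtual environment, and can also define filtering rules for traffic entering and leaving each virtual machine. The Security Manager switch extension is what performs real-time virtual network traffic filtering, monitoring and bandwidth control. You will see that a centrally controlled virtual firewall deployed for Hyper-V virtual machines makes it possible to create inbound and outbound rules and to monitor allowed and denied traffic.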
Agentless: no performance degradation
Fast, incremental scans
Orchestrated scans
Staggered scanning
Centralized management
Unique Features
The only agentless protection built for Microsoft Hyper-V, 5nine Manager installs antivirus only once per host rather than once per virtual machine. Consumes almost no VM resources.
Real-time protection via optional Active Protection agent
The industry’s fastest initial full and subsequent incremental scans of Virtual machines
Special incremental scan technology tracks file changes and scans only changed files, resulting in scans that are up to 50X faster than traditional full scans.
5nine Manager for Hyper-V is an easy-to-use and cost-effective management solution for Microsoft Hyper-V. It provides most of the features of Microsoft System Center VMM that SMBs need for everyday Hyper-V management. 5nine Manager allows customers to:
Dramatically simplify and save money on Hyper-V management
Get a user-friendly management GUI for Windows Server Core and Microsoft Hyper-V Server
Manage different Hyper-V versions (2012 R2/ 2012/ 2008 R2 SP1) from a single console.
And more
5nine Manager could be run either locally or remotely. The solution also provides cluster management capabilities, built-in performance monitoring and agentless antivirus.
Benefits
Capitalize on a Hyper-V management tool designed specifically for SMBs
Designed specifically for small and medium businesses: Hyper-V management tool
5nine Manager addresses the unique Hyper-V management needs of small and medium businesses (SMBs). It is affordable, easy to use and provides most of the features of Microsoft System Center VMM.
Simplify management of different versions of Hyper-V with a single interface
Simplifies different versions
Eliminate the stress of managing multiple versions o...
MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion, or forensic analysis, on Windows desktops, servers or virtualized environments. Version 2.0 was updated repeatedly in response to customer requests and better meets users' professional needs.
MoonSols Windows Memory Toolkit is designed to work with the Microsoft Windows hibernation file (from Microsoft Windows XP to Microsoft Windows 8, in both 32-bit and 64-bit (x64) editions), the Microsoft full memory crash dump (in both 32-bit and 64-bit (x64) editions), and raw memory dump files (from memory acquisition tools like DumpIt or virtualization applications like VMware). MoonSols Windows Memory Toolkit also contains a new version of DumpIt.
The key point behind MoonSols Windows Memory Toolkit is that Microsoft designed the full memory crash dump as the "physical memory format" intended for analysis with the Microsoft Windows Debugger (the most powerful utility to troubleshoot problems, analyze physical memory, etc.). The goal of MoonSols Windows Memory Toolkit is to make it possible to convert all Windows physical memory dumps into Microsoft crash dumps compatible with the Microsoft Windows Debugger (WinDbg).
With MoonSols Windows Memory Toolkit you can convert any Windows memory dump file into a Microsoft crash dump file readable by the Microsoft Windows Debugger. You can also decompress complex memory dumps such as the Windows XP x64 hibernation file and the Windows 7 x64 hibernation file.
MoonSols Windows Memory Toolkit includes:
MoonSols DumpIt 2.0
MoonSols Hibr2Bin 2.0
MoonSols Hibr2Dmp 2.0
MoonSols Dmp2Bin 2.0
MoonSols Bin2Dmp 2.0
MoonSols DumpIt replaces MoonSols Win32dd and Win64dd. The utility also has full 32-bit and 64-bit Windows 8 support and new features such as LZNT1 compression and RC4 encryption.
The utilities Hibr2Bin and Hibr2Dmp also have 32-bit and 64-bit Windows 8 support.
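Following in the footsteps of Internet Examiner 3 (formerly CacheBack), IXTK is a revolutionary product that opens up new horizons!
How does it work?
First, obtain evidence using any of the following methods:
Use IXTK's built-in support for common image formats (E01, Ex01, L01, Lx01, AFF and DD) together with Internet Extractor to search for and collect evidence. To improve performance substantially, you only need to select the evidence you want to search for.
Use NetX Discovery to find evidence, then import it into IXTK for analysis.
Import single files or folders from third-party sources into IXTK for viewing (such as pictures or videos); wherever possible, IXTK will attempt to parse the data. If an unsupported format is encountered, you can use the program's internal hex viewer (for any file) or the database viewer for common database file types (such as SQLite).
After this data has been collected, IXTK begins analyzing, interpreting and recording it so that forensic work can proceed smoothly.
IXTK stores all of the collected data in detail as an extensible SQLite database, allowing examiners to investigate the following: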
Extensive Object Characterization (e.g., metadata such as source, actions, timestamps, dimensions, features, etc.)
Relationships between artifacts (e.g. bookmarks, linked records)
Investigator notes and actions related to the artifact.
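Forensically sound?
Most importantly, IXTK does not alter evidence. Instead, it simply makes an exact copy, including all associated metadata, for later review and analysis. Each copied element is carefully organized before being stored, so that web pages can be reconstructed from the stored elements.
IXTK is a fully standalone program. Once you have finished collecting and examining evidence, you can connect directly to the original evidence files without going through IXTK.
Video Introduction
System Requirements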
Install and run Internet Examiner on Windows 7 64-Bit Professional or higher.
Minimum processor: Intel i7 Quad-Core CPU or higher.
Minimum available RAM: 4GB.