full post event analysis

  1. #1
    Junior Member
    Join Date
    Jul 2001
    Posts
    12

    full post event analysis

    In response to a previous thread for backtracking the path of a virus.

    If you want to track something to its source, you have to have a powerful tool that will allow post event analysis.

    We use a tool by a company called Niksun (NetDetector). This is a Sniffer-like tool (promiscuous analyzer), only with up to Terabyte capture files. It also has very powerful string search and session reconstruction abilities.

    All that you have to do is a string search for the virus signature and it will go back and show you every machine the signature has gone to or from.

    This tool is actually designed to catch malicious users, hackers, etc., and reconstruct their sessions. However, it has many uses such as backtracking viruses, identifying infected machines and doing full post event analysis on pretty much anything.

    I work for the UK distributor of this tool.
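
The signature search described in the post above, as an added example that is not part of the original post and is not Niksun's code: a per-packet byte search over a classic pcap capture that lists every source/destination pair that carried the signature. The capture, the addresses and the `SIG` marker are constructed, and the parser assumes Ethernet II frames carrying IPv4. The last two sample frames split the marker across packets, which a per-packet search misses and which is why session reconstruction matters.

```python
import socket
import struct

def find_signature_hosts(pcap, signature):
    """Return sorted (src, dst) IPv4 pairs whose packets contain signature."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    hits, off = set(), 24  # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Assumption: Ethernet II frames carrying IPv4, no VLAN tags.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        if signature in frame[14 + ihl:]:  # transport header + data
            hits.add((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])))
    return sorted(hits)

def make_frame(src, dst, data):
    """Constructed Ethernet/IPv4/TCP frame; checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap(frames):
    """Wrap frames in a little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SIG = b"EXAMPLE-WORM-MARKER"  # constructed placeholder, not a real signature
SAMPLE = build_sample_pcap([
    make_frame("10.0.0.5", "10.0.0.9", b"GET /" + SIG),
    make_frame("10.0.0.9", "10.0.0.20", b"GET /" + SIG),
    make_frame("10.0.0.7", "10.0.0.8", b"GET /index.html"),
    make_frame("10.0.0.30", "10.0.0.31", SIG[:8]),  # marker split across
    make_frame("10.0.0.30", "10.0.0.31", SIG[8:]),  # two packets: missed
])

if __name__ == "__main__":
    for src, dst in find_signature_hosts(SAMPLE, SIG):
        print(src, "->", dst)
```
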

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Hmmm... all this guy seems to do is "advertise" for this sniffer-like-tool... I think it says something that no one's ever seemed to better Network General's original Sniffer, myself. And, as far as IDS, well I have my own opinions there, having worked with a whole load of really crappy ones and one or two really outstanding contributions (my favorite being one "done" by one of the people thought of as one of the original "fathers" of the network/corporate firewall... cookies to the first person to name him/them... LOL)
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
