Chronicle Solutions has found that Investigative Service Providers can range from those who regularly address legal electronic discovery type efforts to those looking into serious misconduct such as data theft, corporate espionage and beyond. However, even though the purpose and scope of their efforts may differ, many of the challenges are exactly the same.
Issues such as how to properly collect, analyze, identify and present credible evidence have been hampered by the daunting volume of digital information, the many forms of the information (e.g.: email, IM chats, HTML documents, to name a few) and the fact that investigators often need to collect the evidence under difficult conditions.
Furthermore, the number of "insider" incidences making the news and the related financial impact seems to be ever increasing. This fact is easily demonstrated by recent information theft headlines such as the loss of 26.5 million identities at the Department of Veterans Affairs or the well publicized theft of 36 million Visa and MasterCard cardholder records from Card Systems that were considered secure. Therefore, it comes as no surprise that in a recent AMA survey, legal liability and security concerns were the top two reasons why organizations are increasingly justifying employee monitoring efforts.
In the words of a leading investigator, "At least when someone steals merchandise from a store, there is a clear indication that something is missing from inventory. In contrast, when a cyber-crime occurs that involves data; nothing is missing - even though the information has been stolen."
netReplay® provides investigators and the organizations they serve with a powerful, yet easy-to-use content capture and analysis solution. Whether the investigation calls for the mobility and quick deployment provided by Chronicle’s netReplay® 2500 PORTABLE or the permanent, proactive longer-term benefits found in the netReplay® rack-mounted recorders, investigative professionals will be armed with the most effective forensic tool available.
Because of netReplay’s out-of-the-box capabilities, it can begin to immediately collect data - just plug it in. netReplay® quickly and efficiently captures all data necessary for formal record retention and digital evidence collection. Equally important, netReplay® helps speed investigators quickly to the "document decision-ing" phase of their investigation.
netReplay® has been described as a "one of a kind network content DVR (Digital Video Recorder) that eliminates the digital equivalent of commercials." netReplay’s intelligent deep-packet inspection and content capture effectively cuts out the recording of duplicate data and network content "noise" thereby saving considerable investigative time and money.
While netReplay® has the ability to reassemble data that has already been collected in full packet capture sessions such as Wireshark (Ethereal) or tcpdump, investigators can quickly move from a reactive "capture everything" mode to a much more effective proactive "collect, monitor and analyze" approach by using netReplay® from the onset (on live network connections).
netReplay® will increase credibility of results by replaying exactly what, when, and how content was seen and handled by a user, thereby demonstrating both proof of a user’s content and related actions. In addition, Chronicle’s Forensic Information Fingerprinting Engine (FIFE™) provides evidence of user activity that is both forensically accurate and credible.
netReplay® will increase the effectiveness of a digital forensics team by providing a high level of precision on the data it is collecting and analyzing, as well as complying with any legal requirements, such as privacy, employee rights and statutory limitations.
netReplay® is an easy-to-learn and easy-to-use digital forensic tool that provides immediate benefits. netReplay® will increase the efficiency of a network forensics team by allowing more investigators to be trained to use the tool.
netReplay® will greatly improve productivity by reducing the time and complexity of data and event log analysis. Essentially, with netReplay®, investigators now have the means to find the proverbial "needle in a haystack" in hours versus weeks or even months.