Chronicle Solutions

About Network & Packet Sniffers

ABOUT NETWORK SNIFFERS AND PACKET SNIFFERS

A "packet sniffer" is also referred to as a network analyzer, protocol analyzer, network sniffer, Ethernet sniffer, or wireless sniffer, but its purpose is essentially the same: it collects and logs traffic passing through a network (or a portion of a network).

A sniffer can be used in a number of ways, from monitoring network problems and usage to collecting content in order to analyze and determine what has happened. The challenge with trying to use a sniffer alone becomes quite apparent in the following ways:


For digital investigations, these challenges create significant limitations with regard to arriving at a clear understanding of what has occurred on the network and whether any "wrongful acts" have been committed. Simply stated, the purpose of capturing and analyzing the data with a network sniffer or any such device is to quickly and effectively determine what has happened.


SOLUTION:
GOING BEYOND SNIFFING CAPABILITIES

Chronicle Solutions has created a network forensics solution that is able to easily and intelligently capture, replay and analyze content in its original format, decoded either from live network traffic or from packet sniffer sessions. While it is extremely easy to use and easy to learn, it is a powerful solution that can help investigators efficiently research, find and deliver credible evidence.

Whether the investigation calls for the quick, mobile deployment provided by Chronicle’s netReplay® 2500 PORTABLE or the consistency and proactive longer term benefits found in netReplay® rack-mounted recorders, investigative professionals will be armed with the most effective digital forensic tool available.

Proactive Instead of Reactive

netReplay® has the ability to reassemble data that has already been collected in full packet capture sessions from tools such as Wireshark (Ethereal) or tcpdump. By using netReplay® from the outset (on live network connections), however, IT security and investigative staff quickly move from a reactive "capture everything" mode to a much more effective proactive "collect, monitor, research and analyze" approach.

Increase Effectiveness

netReplay® will increase the effectiveness of a digital forensics effort by providing a high level of precision in the data it collects and analyzes, as well as correlation of all events that lead to any suspected misdeed. This is accomplished while also complying with any legal requirements, such as privacy and employee rights and statutory limitations.

Immediate Benefit

Because of netReplay’s out-of-the-box capabilities, it can begin to collect data immediately - just plug it in. netReplay® quickly and efficiently captures all data necessary for formal record retention and digital evidence collection. Equally essential, netReplay® helps speed investigators to the "document decision-ing" phase of their investigation.

Quick & Efficient Network Content DVR

netReplay® has been described as a "one of a kind, network content DVR (Digital Video Recorder) that eliminates the digital equivalent to commercials."  netReplay’s intelligent deep-packet inspection and content capture effectively cuts out the recording of duplicate data and network content "noise", thereby saving considerable investigative time and money.

More Productivity

netReplay® will greatly improve productivity by reducing the time and complexity of data and event log analysis. Essentially, with netReplay®, investigators now have the means to find the proverbial "needle in a haystack" in hours versus weeks or even months.

Credible Results - Seeing is Believing

netReplay® will increase the credibility of results by replaying exactly what, when, and how content was seen and handled by a user, thereby demonstrating both proof of the user’s content and related actions. In addition, Chronicle’s Forensic Information Fingerprinting Engine (FIFE™) provides evidence of user activity that is both forensically accurate and credible.

Easy-to-Use = More Efficient

netReplay® will increase the efficiency of a network forensics team by allowing more investigators to be trained to use the tool. netReplay® is an easy-to-learn and easy-to-use digital forensic tool that provides immediate benefits.