Computer Associates eTrust Network Forensics
eTrust Network Forensics is a product born from SilentRunner, which was developed by a defence contractor. Computer Associates acquired SilentRunner a few years back and has turned it into a commercial product for the enterprise.
eTrust Network Forensics allows you to visualise, uncover, and investigate network traffic. It captures raw network data and uses forensic analysis to check for exploitation, internal data theft, and security- or human-related violations.
CA supplied us with log files from IDSes and firewalls, which we opened in the application to get a feel for the type of information we could plot. CA ran us through some of the basics. eTrust Network Forensics can produce complex graphs, but they can be very hard to read, especially if you are displaying a lot of traffic. Understanding what the graphs are trying to tell you is almost an art, which is why we suggest training. The interface needs some work -- it's clunky, and you can't browse for log files; you must type the full path to the file. The window system also needs improvement -- at one stage we had more than 10 windows open and couldn't really keep track of where we were.