Introduction to the Forensics Investigation Toolkit (FIT)
- How do you analyse the raw data (PCAP) files that you have captured from your network?
- Can you understand the encoded content by reading the raw data (PCAP) files with a packet analyser tool?
- Can you investigate who is leaking information and what has been leaked out in your organisation?
FIT is a Windows-based content forensics toolkit for reading and analyzing the content of raw Internet data in PCAP format. FIT gives security administrative officers, auditors, fraud and forensics investigators, and law enforcement officers the ability to perform content analysis and reconstruction on pre-captured raw Internet data from wired or wireless networks. Developed by Decision Group experts, FIT and the E-Detective series of products have been used extensively by private and public organizations, law enforcement and defense officers, and investigators.
FIT comes with a friendly graphical user interface (GUI) that lets a novice easily learn and use its functionality and features. All protocols and services analyzed and reconstructed are displayed in a readable format. The GUI is much easier to navigate and operate than those of many packet analyzer tools. Another unique feature of FIT is that imported raw data files are parsed and reconstructed immediately, unlike other packet analyzer or reconstruction tools, which require the user to reconstruct them manually, session by session. Because of this immediate parsing and reconstruction, all the parsed data is displayed in the intended service categories, which makes viewing the output results much easier for the investigator.
How It Works
Raw data files (PCAP) captured from sources such as LAN and WLAN networks can be imported into FIT by selecting the specified case. Imported raw data files are parsed, and the output content is displayed in the intended service categories. Refer to the application diagram below for the procedures.
Product Features (FIT version 1.0):
- Application Software Tool (Windows based)
- Case Management Function
- Support Import of Raw Data Files (in PCAP Format)
- Detailed information includes Date-Time, Source IP, Destination IP, Source MAC, etc.
- Search Function (Full Text Search)
- WhoIS and Google Map Integration Functions
- Bookmark Function
- Analysis and reconstruction of various Internet traffic types, including Email (POP3, SMTP, IMAP), Webmail (Read and Sent), IM or Chat (MSN, ICQ, Yahoo, QQ, Skype Voice Call Log, UT Chat Room, Gtalk, IRC Chat Room), File Transfer (FTP, P2P), Telnet, HTTP (Content, Upload/Download, Video Streaming, Request) and Others (SSL).