Chapter 2. E-Detective Function Description


Remote Login
1. Use a browser to access the E-Detective server. The E-Detective system uses port 443, so remember to type https://, e.g. https://192.168.1.60
2. User Name: root
Password: 000000
Choose your preferred language ([ Traditional Chinese ], [ English ]) and press the login button.





The basic buttons are at the top; see the following chapters of this manual for details.





A. Email Recording

E-Detective System records Emails and web mails.

Recording supports:
  1. POP3 [ inbound ]
  2. SMTP [ outbound ]
  3. Webmail [ inbound ]
  4. Webmail [ outbound ]

1. POP3 [inbound]

POP3 [ inbound ] records the following information about each Email: arrival time, sending time, sender, receiver, carbon copy, subject, size and attachment.

Columns :
  • Date-Time
  • Sender
  • Receiver
  • CC
  • Subject
  • Size
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: POP3: refresh the page
Delete: [ Delete ] deletes the checked records
Ignore: [ Ignore ] pops up the ignore dialogue window
Ignore and Delete: [ Ignore and Delete ] pops up the ignore and delete dialogue window
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: records can be deleted or ignored by checking their checkboxes; check them individually, or check all of them by clicking the first checkbox
[4]: the attachment is shown if there is one
[5]: view the content by clicking [ Subject ]
[6]: First, Previous, Next, Last page
[7]: Current page information

Search:
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.

View the Email :
  Click the subject to view the content.

Attachment :
Checking attachment:
1. Click the attachment.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].

Ignore :
  Check the checkboxes and press the [Ignore] button to ignore records that you are not interested in.

Ignore and delete :
  You may also ignore and delete by pressing [Ignore and Delete].

Ignored list :
  Click [Ignore] or [Ignore and Delete] and a window pops up in which you can view the list of records that were ignored or deleted.



List :
  • Sender
  • Receiver
  • CC
  • Subject
  • Size
Features in this page :
[1]: Delete: check the checkbox and press the delete button to delete
[2]: Records per page is less than 100
[3]: Single delete or delete all
[4]: First, Previous, Next and Last page
[5]: Current page information


2. SMTP [outbound]

SMTP [outbound] records the following information about each Email: arrival time, sending time, sender, receiver, carbon copy, subject, size and attachment.

Columns :
  • Date-Time
  • Sender
  • Receiver
  • CC
  • BCC
  • Subject
  • Size
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: SMTP: refresh the page
Delete: check the checkbox and press [ Delete ] to delete records
Ignore: [ Ignore ] pops up the ignore dialogue window
Ignore and Delete: [ Ignore and Delete ] pops up the ignore and delete dialogue window
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: records can be deleted or ignored by checking their checkboxes; check them individually, or check all of them by clicking the first checkbox
[4]: the attachment is shown if there is one
[5]: view the content by clicking [ Subject ]
[6]: First, Previous, Next, Last page
[7]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.

View the Email :
  Click the subject to view the content.

Attachment :
Checking attachment:
1. Click the attachment.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].

Ignore :
  Check the checkboxes and press the [Ignore] button to ignore records that you are not interested in.

Ignore and delete :
  You may also ignore and delete by pressing [Ignore and Delete].

Ignored list :
  Click [Ignore] or [Ignore and Delete] and a window pops up in which you can view the list of records that were ignored or deleted.


 
Columns :
  • Sender
  • Receiver
  • CC
  • Subject
  • Size
Features in this page :
[1]: Delete: check the checkbox and press the delete button to delete
[2]: Records per page is less than 100
[3]: Single delete or delete all
[4]: First, Previous, Next and Last page
[5]: Current page information


3. Webmail [inbound]

E-Detective System records the webmail content and omits pictures to save disk space.

Columns:
  • Date-Time
  • IP
  • URL
  • Webmail Type
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Webmail: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: show [ IP ] or [ hostname ], and records per page < 100
[3]: Single delete or delete all
[4]: click [ URL ] to view the webmails
[5]: First, Previous, Next, Last page
[6]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.

View the Email :
  Click the subject to view the content.




4. Webmail [outbound]

E-Detective System records the webmail content and omits pictures to save disk space.

Columns :
  • Date-Time
  • Sender
  • Receiver
  • CC
  • BCC
  • Subject
  • Webmail Type
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Webmail ( Send ): press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: Single delete or delete all
[4]: the attachment is shown if there is one
[5]: view the content by clicking [ Subject ]
[6]: First, Previous, Next, Last page
[7]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.

View the Email :
  Click the subject to view the content.

Attachment :
Checking attachment:
1. Click the attachment.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].
 


B. IM
Three instant messengers are recorded:
1. MSN
2. ICQ / AOL
3. YAHOO


1. MSN
Records MSN chats, including related information such as date, time, user ID, IP, partner ID, conversation and files transferred.

Columns :
  • Date-Time
  • IP
  • User Handle
  • Participants
  • Conversation
  • Count
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: MSN: refresh the page
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: Single delete or delete all
[4]: the attachment icon indicates whether a file was transferred while chatting
[5]: click [ Conversation ] to view the conversation
[6]: First, Previous, Next, Last page
[7]: Current page information

MSN conversation :
  Click the (Conversation) button to view the whole chat session and the files transferred.

Files transferred :
Checking attachment:
1. Click the file name.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.




2. ICQ / AOL
Records ICQ / AOL sessions, including related information such as date, time, user ID, IP, partner ID, conversation and files transferred.

Columns :
  • Date-Time
  • IP
  • User Handle
  • Participants
  • Conversation
  • Count
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: ICQ/AOL: refresh the page
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: Single delete or delete all
[4]: the attachment icon indicates whether a file was transferred while chatting
[5]: click [ Conversation ] to view the conversation
[6]: First, Previous, Next, Last page
[7]: Current page information

ICQ / AOL conversation :
  Click the (Conversation) button to view the whole chat session and the files transferred.

Files transferred :
Checking attachment:
1. Click the file name.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.





3. YAHOO
Records Yahoo messenger chats, including related information such as date, time, user ID, IP, partner ID, conversation, files transferred and video conference.

Columns :
  • Date-Time
  • IP
  • User Handle
  • Participants
  • Conversation
  • Count
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Yahoo: refresh the page
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: Single delete or delete all
[4]: the attachment icon indicates whether a file was transferred while chatting
[5]: click [ Conversation ] to view the conversation or video conference
[6]: First, Previous, Next, Last page
[7]: Current page information

YAHOO conversation or video conference :
  Click the (Conversation) button to view the whole chat session and the files transferred or the video conference.

Files transferred :
Checking attachment:
1. Click the file name.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].

Video conference :
  Click the video button to view the video conference.

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.





C. FTP
Records FTP sessions, including date, time, user IP, user ID, password and the names of files transferred.

Columns:
  • Date-Time
  • IP
  • User
  • Pass
  • Action
  • FTP Server IP
  • File Name
You can also sort the data by any of the above columns by clicking its title.

Features in this Page :
[1]: FTP: refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: show [ IP ] or [ hostname ], and records per page < 100
[3]: Single delete or delete all
[4]: FTP password
[5]: click [ File Name ] to check the file transferred
[6]: First, Previous, Next, Last page
[7]: Current page information

Show Pass:
  Show the login password or not.

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.

Files transferred :
Checking attachment:
1. Click the file name.
2. If the attachment cannot be launched immediately, save it to a folder of your choice by clicking [save as].
Files transferred in the FTP session are stored in E-D storage.



D. Web pages
E-Detective System records web pages and related information.

Two types:
1. [HTTP] for URL
2. [DYNAMIC] for content


1. URL Recording [ HTTP ]
Web page records include date, time, user IP / user name and URL. Content is retrieved by clicking the hyperlink to the website on the Internet.

Columns :
  • Date-Time
  • IP
  • URL
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: HTTP: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: show [ IP ] or [ hostname ], and records per page < 100
[3]: Single delete or delete all
[4]: click [ URL ] to access the web site
[5]: First, Previous, Next, Last page
[6]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.




2. Web Page [ DYNAMIC ]
E-Detective System records the content of the web page and omits pictures to save disk space.

Columns :
  • Date-Time
  • IP
  • URL
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: DYNAMIC: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: show [ IP ] or [ hostname ], and records per page < 100
[3]: Single delete or delete all
[4]: click the red icon to view the source code
[5]: click [ URL ] to view the page
[6]: First, Previous, Next, Last page
[7]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.

View the pages :
  Click the URL to view the page.

Source Code :
  Click the red icon to view the source code.





E. Telnet
E-Detective System records the Telnet sessions.

1. Telnet
The Telnet function records date, time, user IP and Telnet server IP. Click it to get the session information.

Columns:
  • Date-Time
  • IP
  • Account
  • Pass: password
  • Server: TELNET [ or BBS ] server IP
  • File Name
  • Size
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: TELNET: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Search: [ Search ] pops up the search window; press [ Submit ] once the search keyword is defined
[2]: records per page < 100
[3]: Single delete or delete all
[4]: click [ File Name ] to view the Telnet or BBS session
[5]: First, Previous, Next, Last page
[6]: Current page information

Search :
  Click the search button and the search window pops up; press submit once the keyword is entered. Advanced searching is defined by the following terms.
  To search by the currently shown IPs, an IP class or specific IPs, press the [more...] button.




2. Content
  • Play: play by ASCII
  • Fast: display row by row
  • Copy: mark what you want to copy, press [ Copy ] and paste to your notepad
  • Clean: clear current page




F. Configuration 
E-Detective configuration provisioning system.
Nine parts for different configuration:
1. Network Set
2. Storage
3. Services
4. Edit Password
5. Backup Data
6. Domain
7. Network Rules
8. Input
9. Setup Mail


1. Network Set
To change the E-Detective System IP, netmask, broadcast and gateway, enter the correct parameters, then press the [Finished] button for them to take effect.

Note: the system reboots itself when the [Finished] button is pressed.

Note: a public IP alias on the NIC makes remote login easier.




Features in this page:
  • Device Set
  • DNS Set
  • Shut down and reboot
  • Timing
Device Set :
1. Before setting the IP, erase the previous IP by clicking [X], choose the [Sniffer / Mirror / Bridge / Tap] mode and then enter the correct parameters.
2. Press [Transfer] when the IP is in place.
3. Press [Finished] and the system reboots itself.



Sniffer :
Passive listening mode, for a single-NIC appliance in a hub environment.

Setting:
Click Sniffer Mode and choose eth0 with a specific IP; eth0 becomes the intercept NIC.

Mirror :
Mirror mode, for twin NICs on a switch hub with a mirror port.

Setting:
Choose Mirror Mode on eth0 with a specific IP; eth1 becomes the collecting NIC.

Bridge :
Bridge mode, for a twin-NIC appliance.

Setting:
Choose the Bridge NICs and set the IP.

Tap:
Hardware Bridge mode, for a three-NIC appliance.

Setting:
Choose the NIC for the manager and set an IP for it.
Choose the Bridge NICs.

DNS Set:
Set the primary and secondary DNS, then press [Reset] when finished.

System Action & Server Time:
Shut down or reboot the E-Detective System remotely by pressing the button on this page; the time setting is also available here.




2. Storage
Contents:

HD Status :
Hard disk utilisation information, including capacity, utilisation and space left. A warning message is issued to the administrator when utilisation reaches 80%.

OpenRaw :
The number of packets captured by E-Detective; press [Update] to refresh.

Server Status :
Lists server status and networking activities.




3. Services
You may switch [on / off] to activate the functions here:
  • SSH
  • FireWall
  • OpenRaw


FireWall :

Create a specific IP that is allowed to log in to the E-Detective System.




4. Edit Password
Change root password. Password shall be more than 6 characters.




5. Backup Data
  • Auto Backup
  • Manual Backup

[1]: Auto Backup
Schedule your backup plan here.

Scheduling :
Automatic backup can be scheduled daily, weekly or monthly. The volume of data captured within each interval shall be less than 600MB; otherwise manual backup with CDROM is necessary. Click [OK] when the schedule is set up.

Forward the message:
The system automatically sends a message to the administrator when an ISO file is generated; you may then decide to burn a CDROM or export the ISO to storage.

Burning CD:
a.  Press [SETTING] => [Backup Data] => [Backup] to burn specific ISO files.
b.  Press [Make CD] to choose specific ISO and press [Burn] to burn CDROM.

Export image to hard disk:
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ] 
b.  Press [Make CD] to choose specific ISO and then press [ Output ISO ] to export ISO to hard disk.

Delete ISO
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ] to delete ISO file.

Delete backup data
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ].
b.  After the data is backed up, a red [x] appears in the [Del] column of the [Make ISO] page.




[2]: Manual Backup
A flexible, on-demand backup solution. The E-Detective System generates a new folder to store the image when the image exceeds 600MB.

Make ISO:
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ].
b.  Choose what you want to back up, and then press [ Make ] to generate the ISO.

Note: You can't back up a folder while it is in use. To back up the folder, press [ SETTING ] => [ Services ] to stop [ OpenRaw ].


Burning CD:
a.  Press [SETTING] => [Backup Data] => [Backup] to burn specific ISO files.
b.  Press [Make CD] to choose specific ISO and press [Burn] to burn CDROM.

Export image to hard disk:
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ]
b.  Press [Make CD] to choose specific ISO and then press [ Output ISO ] to export ISO to hard disk.

Delete ISO
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ] to delete ISO file.

Delete backup data
a.  Press [ SETTING ] => [ Backup Data ] => [ Backup ].
b.  After the data is backed up, a red [x] appears in the [Del] column of the [Make ISO] page.




6. Domain
Add a Domain.
 



Click [Create] and add a new Domain in the following format.




7. Network Rules
E-Detective applies specific network access rules at specific times.
E-Detective issues a warning Email to both the person who breaks the rule and the administrator. This function corrects network access behaviour automatically, with no impact on the network.

The administrator establishes a policy by pressing [Create], then [Confirm] when it is set; modify the policy with [Reset].

You may set up policies governing web surfing, Email, file transfer, ICQ, AOL, MSN and Yahoo chat, Telnet, and webmail.

Note: the warning message is issued within one hour after the violation occurs.


Columns :
  • Date-Time
  • Type
  • IP
  • Inform Account-1
  • Inform Account-2
  • Rule
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Rules Of Using Network: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Create: [ Create ] pops up the create window
[2]: records per page < 100
[3]: Single delete or delete all
[4]: click [ Rule ] to view the rule
[5]: First, Previous, Next, Last page
[6]: Current page information

To create a new rule, fill in the following fields and then press [Confirm].
Account: Insert domain or user IP
Type:
  • [POP3]
  • [SMTP]
  • [FTP]
  • [MSN]
  • [ICQ]
  • [YAHOO]
  • [HTTP]
  • [URL CONTENT]
  • [WEBMAILR]
  • [WEBMAILS]
  • [TELNET] - TELNET Server IP
Rule:
  • [POP3] - E-mail Address or XXX.com.tw
  • [SMTP] - E-mail Address or XXX.com.tw
  • [FTP] - FTP id, Server IP
  • [MSN] - specific MSN ID
  • [ICQ] - specific ICQ ID
  • [YAHOO] - specific YAHOO ID
  • [HTTP] - insert keyword, e.g. Yahoo, Hinet
  • [URL CONTENT] - insert keyword, e.g. Yahoo, Hinet
  • [WEBMAILR] - insert keyword, e.g. Yahoo, Hinet, and server type
  • [WEBMAILS] - insert keyword, e.g. Yahoo, Hinet, and server type
  • [TELNET] - specific TELNET IP
  • [ATTACHMENT] - check the checkboxes
SetupTime: Format [hour:minute], 24HR
Allow: [YES] allow access in the specified intervals, [NO] deny access in the specified intervals; a warning Email is sent when a violation occurs.
Inform account-1: user E-mail Address
Inform account-2: Administrator E-mail Address




8. Email Setting
The default Email account for receiving the system's warning Emails; any POP mailbox can be used.

Settings:
1. Press [Remote]
2. Insert the domain, e.g. msa.hinet.net
3. Set the Sender E-Mail address, e.g. xxx@msa.hinet.net





G. Status

3 statuses:
  1. Backup Record
  2. Online IP List
  3. Login List

1. Backup Record
Database logfiles are listed 10 records per page; press [All Record] to view all the records.



Press [All Record] to view all the records in the following window




2. Online IP
E-Detective automatically searches for IPs on the network if there is no IP list. The number of IPs is limited by the license, and automatic searching does not aim at any specific target. To target specific users, establish a target list; you may also group them for easier management.

To specify a target IP, choose the group function and edit the IP, hostname and group; press [on line IP info] to view the current status.

Columns :
  • Status
  • Pc IP
  • Pc Name
  • At Least Time
  • Group
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Online IP List: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
Create: [ Create ] to create an IP
Auto Search: [ Auto Search ] pops up the search window; edit the IP range to search
Hide IP: [ Hide IP ] to hide the IP records
Skip IP: [ Skip IP ] to skip the IP from recording
Import: [ Import ] imports the target IP list from an Excel file
[2]: records per page < 100
[3]: Single delete or delete all
[4]: edit IP range to search
[5]: First, Previous, Next, Last page
[6]: Current page information

Add an IP :
Single adding:
Click [Create] to pop up the window and insert the IP, name and group. Click [Create] to add.

Multiple IPs adding :
  Press [Auto Search] and insert an IP range to search for IPs, check the IPs on the list and then press [Update] to add them.

Hide IP records :
Press [Hide IP] and edit the IP that you want to hide.

Note: the hidden IP is still recorded in the background.

Skip IP :
Click [Skip] and insert the specific IP, then press [Add] to add the IP to the [Skip IP List].

Input :
Import the target IP list from an Excel file.

Format: IP; NAME; GROUP

Note 1: Save the Excel file as *.CSV
Note 2: Chinese Big5 names are not supported; please convert Big5 code to Unicode.
Note 3: The value of GROUP is set at the [No.] column of the [TOOL] => [Group Set] page.

Excel format:




3. Login List
System log for security control.

Columns:
  • IP
  • Login ID
  • Login Time
  • Language
  • Status
You can also sort the data by any of the above columns by clicking its title.

Features in this page :
[1]: Login List: press to refresh
Delete: check the checkbox and press [ Delete ] to delete records
[2]: records per page < 100
[3]: Single delete or delete all
[4]: First, Previous, Next, Last page
[5]: Current page information



H. Utilities
There are 5 utilities:
  1. Delete Data
  2. Group Set
  3. Add Users
  4. Search
  5. Up/Down Files

1. Delete Data
Delete Mode Data:
Delete Email, Ftp, Chat, Http, Webmail, and Telnet in the menu.

Features in this page:
a. Mode: choose what you want to delete, e.g. POP3
b. Date
c. Time
d. Field: index e.g. sender
e. Value: specify value, e.g. [ ken@decision.com.tw ]



You can set a schedule to delete data.

Delete All Data:
Enter the user ID and password to delete all records.

Note: E-Detective automatically switches off [OpenRaw] after deleting all data; switch it on manually via [SETTING] => [Services] => [OpenRaw] if you want to perform recording.



2. Group Set
Group settings :
  • Add a new group
  • Change group name
  • Modify member of group
  • Delete a member

Note: delete all the members before deleting the group.



Change password, group, and delete user:

Click [Member] to modify, press [Update] after editing. Press [Delete] to delete the user.



Add group :
Press [ Add Group ] to pop up the window, insert the group name [Big5 is supported], then press [ Create ] to add.



Modify group name :
Select Group Name and input new name in [modify to], and then press [Update] to modify.




3. Create User
Edit the user and press [Confirm] to activate it.

Insert the user name and password (at least 6 characters) in the following window and then press [Confirm].




4. Search
The system provides an advanced search function, which searches according to the search statement that has been set.
  • [Reset] clears the search statement that has been set
  • [Search] runs the search
  • [close] closes the search window and returns to the previous status
Description of the fields in the statement:
Date: Key in the date to search for, e.g.: 2004-09-20.
Time: Key in the time to search for, e.g.: 09:30 ~ 18:00.
Source IP: Key in the source IP to search for, e.g.: 192.168.1.20.
E-Mail Address: Key in the e-mail account to search for, e.g.: ken@decision.com.tw.
Subject: Key in the subject to search for, e.g.: Show Girl.
Webmail Type: Key in the Webmail Type to search for, e.g.: Hinet, Giga, Yahoo... etc.
FTP Server: Key in the value to search for, e.g.: 203.187.1.180.
FTP User: Key in the FTP server IP to search for, e.g.: Test.
MSN Account: Key in the MSN account to search for, e.g.: she0430@hotmail.com.
ICQ Account: Key in the ICQ account to search for, e.g.: 207706947.
YAHOO Account: Key in the YAHOO account to search for: valenhsu9999.
URL: Key in the URL to search for, e.g.: www.hinet.net.
Telnet User: Key in the TELNET account to search for, e.g.: guest.
Other: Key in the required search data. [Limited to the data that can be found from the search page.]
Note: The keyed-in statements are searched as "AND".
Note: When keying in more than one account, type ";" after each account to separate them.



Example:
e.g. 1: To search for data involving the IP [ 192.168.1.20 ], key in the IP at [ source IP ]. The system will search all the data involving that IP.
After keying in the setting, press [Search].
After searching, "Search the result" appears on the search page. Select the required search type at the corresponding place.

All the data related to IP = 192.168.1.20 is given by the search statement.

e.g. 2: To do a more detailed search, key in data in different columns. [ e.g.: IP = 192.168.1.20 & MSN = she0430@hotmail.com ]. Please note that the system will give not only the data involving the related IP = 192.168.1.20, but also all the data regarding both [ IP = 192.168.1.20 & MSN = she0430@hotmail.com ].
After keying in the setting, press [Search].
After searching, "Search the result" appears on the search page. Select the required search type at the corresponding place.

All the data related to [ IP = 192.168.1.20 & MSN = she0430@hotmail.com ] is given by the search statement.



Special Searching Type [suitable for MSN/ICQ/YAHOO]
Note: Use [OR], [AND] for the special searching type.
e.g. 1: Key in one user reference account (the source) and one participant reference account (the destination) at MSN/ICQ/YAHOO. [Select the preset for both the source and destination reference accounts; the first column is for the user reference account (source) and the other one is for the participant reference account (destination).]

The data found by the search statement is matched on the user reference account and the participant reference account: user reference account [aries0724@msn.com] and participant reference account [she0343@hotmail.com].

So the results fall into the following two combined groups:
1.  User reference account as [aries0724@msn.com] and participant reference account [she0343@hotmail.com].
2.  User reference account as [she0343@hotmail.com] and participant reference account [aries0724@msn.com].

Language instruction:
When you fill in both textbox columns, the first with a single account [dc@decision.com.tw] and the second with a single account [web@decision.com], the checkbox column is enabled but cannot be modified, and the data is searched as follows:
((user reference account = dc@decision.com.tw and participant reference account = web@decision.com.tw ) or (participant reference account = web@decision.com.tw and user reference account = dc@decision.com.tw )), then use "and" to combine with the other search columns.


e.g. 2: Key in two [ or three ] user reference accounts and one participant reference account at MSN/ICQ/YAHOO. [Select the preset for both the source and destination reference accounts; the first column is for the user reference account (source) and the other one is for the participant reference account (destination).]

The data found by the search statement is matched on user reference account [aries0724@msn.com or dc040201@hotmail.com or diesis@ms62.hinet.net] and participant reference account [aries0724@msn.com].

So the results fall into the following three combined groups:
1.  User reference account as [aries0724@msn.com] and participant reference account [she0343@hotmail.com].
2.  User reference account as [dc040201@hotmail.com] and participant reference account [she0430@hotmail.com].
3.  User reference account as [diesis@ms62.hinet.net] and participant reference account [she0430@hotmail.com].

Language instruction:
When you fill in both textbox columns, the first with multiple accounts [web@decision.com.tw ; ken@decision.com.tw] (maximum of 3 accounts) and the second with a single account [web@decision.com], the checkbox column is enabled but cannot be modified, and the data is searched as follows:

participant reference account = dc@decision.com.tw and user reference account = web@decision.com.tw or user reference account = ken@decision.com.tw, then use "and" to combine with the other search columns.


e.g. 3: Key in one user reference account and two [or three] participant reference accounts at MSN/ICQ/YAHOO. [Select the preset reference accounts of both source and destination; the first column is for the user reference account (source) and the other is for the participant reference account (destination).]



The data found by this search statement are those with user reference account [she0430@hotmail.com] and participant reference account [aries0724@msn.com or dc040201@hotmail.com or diesis@ms62.hinet.net].



So it can be categorized into the three combined groups below:
1.  User reference account as [she0343@hotmail.com] and participant reference account [aries0724@msn.com]
2.  User reference account as [she0430@hotmail.com] and participant reference account [dc040201@hotmail.com]
3.  User reference account as [she0430@hotmail.com] and participant reference account [diesis@ms62.hinet.net]

Language instruction:
When both textboxes are filled in, the first with a single account [dc@decision.com.tw] and the second with multiple accounts [web@decision.com; ken@decision.com.tw] (a maximum of 3 accounts), the checkbox column is enabled but cannot be modified, and the data is searched as below:

user reference account = dc@decision.com.tw and (participant reference account = web@decision.com.tw or participant reference account = ken@decision.com.tw), then combined with the other search columns using "and".


e.g. 4: Key in two [or three] user reference accounts and no participant reference account at MSN/ICQ/YAHOO. [The keyed-in accounts can be applied, by pre-setting, to the user reference account, the participant reference account, or both. The first column is for the user reference account (source) and the other is for the participant reference account (destination).]


The data found by this search statement are those with user reference account or participant reference account [aries0724@msn.com or dc040201@hotmail.com or diesis@ms62.hinet.net].



So it can be categorized into the six combined groups below:
1.  User reference account as [aries0724@msn.com] and participant reference account as any account.
2.  User reference account as [dc040201@hotmail.com] and participant reference account as any account.
3.  User reference account as [diesis@ms62.hinet.net] and participant reference account as any account.
4.  User reference account as any account and participant reference account as [aries0724@msn.com]
5.  User reference account as any account and participant reference account as [dc040201@hotmail.com]
6.  User reference account as any account and participant reference account as [diesis@ms62.hinet.net]

Language instruction:
1.  When the first textbox holds multiple accounts [dc@decision.com.tw ; web@decision.com.tw] (a maximum of 3 accounts), the checkbox column is enabled and the data is searched as below:
(user reference account = dc@decision.com.tw or user reference account = web@decision.com.tw), then combined with the other search columns using "and".
2.  When the first textbox holds multiple accounts [dc@decision.com.tw ; web@decision.com.tw] (a maximum of 3 accounts) and only the participant account is selected in the checkbox column, the data is searched as below:
(participant reference account = dc@decision.com.tw or participant reference account = web@decision.com.tw), then combined with the other search columns using "and".
3.  When the first textbox holds multiple accounts [dc@decision.com.tw ; web@decision.com.tw] (a maximum of 3 accounts) and both the participant account and the user reference account are selected in the checkbox column, the data is searched as below:
(user reference account = dc@decision.com.tw or participant reference account = web@decision.com.tw or participant reference account = dc@decision.com.tw or user reference account = web@decision.com.tw), then combined with the other search columns using "and".


e.g. 5: Key in one user reference account and no participant reference account at MSN/ICQ/YAHOO. [The keyed-in account can be applied, by pre-setting, to the user reference account, the participant reference account, or both. The first column is for the user reference account (source) and the other is for the participant reference account (destination).]



The data found by this search statement are those with user reference account or participant reference account [she0430@hotmail.com].



So it can be categorized into the two combined groups below:
1.  User reference account as [she0430@hotmail.com] and participant reference account as any account.
2.  User reference account as any account and participant reference account as [she0430@hotmail.com]

Language instruction:
1.  When the first textbox holds a single account [dc@decision.com.tw] and only the user reference account is selected in the checkbox column, the data is searched as below:
(user reference account = dc@decision.com.tw), then combined with the other search columns using "and".
2.  When the first textbox holds a single account [dc@decision.com.tw] and only the participant reference account is selected in the checkbox column, the data is searched as below:
(participant reference account = dc@decision.com.tw), then combined with the other search columns using "and".
3.  When the first textbox holds a single account [dc@decision.com.tw] and both the user reference account and the participant reference account are selected in the checkbox column, the data is searched as below:
(user reference account = dc@decision.com.tw or participant reference account = dc@decision.com.tw), then combined with the other search columns using "and".
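The combined groups listed under e.g. 1 to e.g. 5 can be reproduced by expanding the form input into (user, participant) pairs. The following Python is an added example, not E-Detective's own code; the function names, the `None`-means-any convention, the case-insensitive comparison and the cross product when both textboxes hold several accounts are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

MAX_ACCOUNTS = 3  # the manual allows at most 3 accounts per textbox

@dataclass(frozen=True)
class Record:
    user: str         # user reference account (source)
    participant: str  # participant reference account (destination)

def parse_accounts(text):
    """Split a ';'-separated textbox value into lower-cased account names."""
    accounts = [a.strip().lower() for a in text.split(";") if a.strip()]
    if len(accounts) > MAX_ACCOUNTS:
        raise ValueError("at most %d accounts per textbox" % MAX_ACCOUNTS)
    return accounts

def account_pairs(first_box, second_box="", as_user=True, as_participant=False):
    """Expand the form input into (user, participant) groups; None means any account."""
    first, second = parse_accounts(first_box), parse_accounts(second_box)
    if not first:
        raise ValueError("the first textbox needs at least one account")
    if second:
        # Both textboxes filled: the checkboxes are locked (e.g. 1 to e.g. 3).
        pairs = [(u, p) for u in first for p in second]
        if len(first) == 1 and len(second) == 1:
            # e.g. 1 lists the swapped pair as its second combined group.
            pairs.append((second[0], first[0]))
        return pairs
    if not (as_user or as_participant):
        raise ValueError("select at least one checkbox")
    # Only the first textbox filled: the checkboxes choose the column (e.g. 4, e.g. 5).
    pairs = [(a, None) for a in first] if as_user else []
    if as_participant:
        pairs += [(None, a) for a in first]
    return pairs

def matches(record, pairs):
    """True when the record falls into at least one combined group."""
    return any((u is None or record.user.lower() == u) and
               (p is None or record.participant.lower() == p)
               for u, p in pairs)

# Constructed sample records, reusing account names from the manual's examples.
SAMPLE = [Record("aries0724@msn.com", "she0430@hotmail.com"),
          Record("she0430@hotmail.com", "dc040201@hotmail.com"),
          Record("someone@example.com", "diesis@ms62.hinet.net")]

def search(first_box, second_box="", **checkboxes):
    return [r for r in SAMPLE if matches(r, account_pairs(first_box, second_box, **checkboxes))]
```

The length of the list returned by `account_pairs` equals the number of combined groups the manual gives for each case: two for e.g. 1, three for e.g. 2 and e.g. 3, six for e.g. 4 with both checkboxes, two for e.g. 5 with both checkboxes.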


5. Upload / Download
You may compose a customised warning message and upload it to the system for the hard disk capacity alarm.

Upload Warning File:
Select your customised message and upload it to the system. Click your own message to preview its content. sample.txt is the default file and cannot be deleted.

Rule:
Specify the sender Email address, subject and message file; the system will issue the message when utilisation reaches 80% of capacity.

Delete Warning File:
Delete the current policy.

Fault Data Download:
Send the downloaded fault data package back to the original company for analysis.





I. REGISTER
System is activated via certificated registration.
  • Serial No
  • Quantity (license of users)
  • E-MAIL

Note: Registration shall be done via Internet.





J. DATA MINING
E-Detective Data Mining uses the user's keyword, the keyed-in search statement, to easily find data from (E-mail / POP3, SMTP, IMAP, Hot-mail, Web-mail): it not only compares the content and attached files but also arranges the messages related to the keyword.

1. Searching by keyword fully supports Boolean logic.
  • Key word
  • "&" and "AND"
  • OR
  • "NOT": does not include
  • "NEAR"
  • Logic is applied in order
The user can key in the search keyword and press [Confirm]; the system will then automatically find all the data containing the related keyword.



After you select the number, the system will connect to the main page and show the search results.





2. Searching IP
The user can key in "ip:" followed by the IP number to search for and press [Confirm]; the system will then automatically search for the data containing the related IP.

 

After you select the number, the system will connect to the main page and show the search results.
 


 
 
K. REPORTING
E-Detective fully supports charts and reports for strategic decision control. Multiple strategic decision analysis reports can be set up according to the user's requirements. With this detailed analysis data, you can more easily judge and understand Internet usage and improve work efficiency.

Reports are currently classified as:
1. Single functional report (Single Report)
    (e.g. IP of HTTP, the receiver of POP3, etc.)
2. Group IP with Group Report (Group Report)
    (e.g. 192.168.0.2 and 192.168.0.5 compared across POP3, MSN, HTTP)

1. Single functional report (Single Report)
Step 1.
Count how many records the selected module holds within the search time range.
Mode: POP3, SMTP, FTP, MSN, ICQ, YAHOO, HTTP, DYNAMIC, WEBMAILR, WEBMAILS, TELNET
 
 



Step 2
Show Chart
 





 

Here you can select:
Chart Type:
  • Bar Chart
  • Pie Chart
Show Top: Select whether to display the first 10, 20 or 30 records.

Sort by: data type
  • Count: total data.
  • File count: all included attached file data.
  • File size: all included attached file size.
Change Chart
Select Chart Type, Show Top and Sort by, then click Change Chart to display the chart in the form you want.

Download File
Click to download the currently displayed chart as a figure file (.png).

Print
Click to print out the currently displayed chart figure.

Note: The charset of the sender and receiver of POP3, SMTP and webmail, and of the user handle and participants of YAHOO, is not saved as Unicode. When showing the chart, you can choose the correct charset (unicode, big5, gb2312).




2. Group IP with Group Report (Group Report)
 


After selecting Group Report, the following Group Report list appears:
(1) Select the icon to connect directly to Single Report.
(2) The report is produced for the date given by the setting.
(3) Select which types the report should count (default setting: ALL; multiple types can be chosen).
(4) A new IP can be added manually. After keying in the IP in the text box at the back, click on a blank area of the screen; the keyed-in IP is then added to the IP list.
(5) The IP list shows the IPs currently included in the statistics. The selected (highlighted) IPs will be compiled into a statistics list on the next page (default setting: ALL).
(6) IPs in the list can be deleted. There are two ways: delete all, or delete only the ones you select.
(7) The list of IPs recorded so far in the E-Detective system.
(8) Click any IP with the mouse to add it to the new IP list; a maximum of 10 IPs can be selected.
(9) Display the figure.





L. MANUAL
User manuals are currently available in English and Traditional Chinese.





M. LOGOUT
Log out to prevent malicious peeping; after logging out, the system automatically returns to the login page.