E-Detective System – Double-Layer Architecture
Part I: Overview
The system is divided into a packet retriever and an interpretive server, which provide the following functions:
1. The packet retriever can retrieve all packets sent and received by a specified target and categorize them by packet type.
2. The interpretive server can interpret and recover the packets from the packet retriever by protocol and application.
3. The hardware specifications and functions of the packet retriever and the interpretive server have to meet the detailed requirements of Appendix I & II.
Part II: System Architecture
The whole architecture is shown in Figure 1.
Figure 1
E-Detective Packet Collector Specification
Part I: Hardware Specification and System Performance
1. Three built-in RJ-45 interfaces, at least two of which support 10/100/1000 BASE-T.
2. Storage capacity of 80GB and above, expandable up to 300GB.
3. Ability to carry packet traffic at 120Mb/sec and above.
Part II: Function
1. Supported packet types: e-mail packets (POP3, SMTP and Web mail), FTP packets, TELNET packets, Instant Message packets (MSN, ICQ, AOL, Yahoo Message) and Website packets. The system stores all other packets in their original form, according to different needs.
2. System Control:
   2.1 Remotely change the network settings, DNS, corresponding IP and communication port, and shut down the system, via web browser.
   2.2 Display HDD information, including capacity, space used, available space and used percentage. The system pops up a warning message when the used percentage reaches 80%.
3. User list management: edit the user's IP and domain name, and display the user's status.
4. Account management: set up the user's account, password, group and authorities.
5. Web interface management: supports HTTPS and SSH for best data security.
E-Detective Restructure Server Specification
Part I: Hardware Specification and System Performance
1. Three built-in RJ-45 interfaces, at least two of which support 10/100/1000 BASE-T.
2. Built-in CD-ROM (CD-RW) with 24x write speed for backup.
3. Storage capacity of 80GB and above, expandable up to 300GB.
Part II: Function
1. Email records:
   1.1 POP3: the POP3 list records detailed information about each received e-mail, including receiving date and time, sender, receiver, carbon copy, topic, size and attachment. Additional functions include deleting data, setting the number of data entries displayed on each page, searching by defined criteria, viewing the contents and opening attachments, setting up exceptional rules, and deleting data by exceptional rules. Exceptional rules can hide certain data by sender, receiver, carbon copy, topic, or a file size equal to or smaller than the default.
   1.2 SMTP: records detailed information about each sent e-mail, including receiving date and time, sender, receiver, carbon copy, confidential carbon copy, topic, size and attachment. Additional functions include deleting data, setting the number of data entries displayed on each page, advanced search, searching by defined criteria, viewing the contents and opening attachments.
   1.3 Mail forwarding: to filter e-mail, the system records the mail and forwards it to specified personnel according to defined rules.
   1.4 Email statistics:
       1.4.1 Total number of e-mails each day
       1.4.2 Total file size of e-mails each day
       1.4.3 Total number of e-mails that have attachments
       1.4.4 Total number of e-mails for a specific user
       1.4.5 Total file size of e-mails for a specific user
       1.4.6 Total number of attachments for a specific user
2. FTP records: record the date, time, IP, user name, password, and uploaded and downloaded files. Additional functions include: FTP records, deleting data and setting the number of data entries displayed on each page.
3. TELNET records: behavioral records of Telnet login and logout, displayed in text format.
4. Instant Message records:
   4.1 Records the date, time, user's ID, contacts, dialogues and attachments.
   4.2 Displays statistics by [Date] or [IP].
   4.3 Records instant messages of MSN, ICQ, AOL and Yahoo Message.
5. Website records: record the URL and the contents of web mail browsed by the user.
   5.1 URL records: date, time, user's IP (or user's name) and URL.
   5.2 Web mail records: the records of web mail being sent, including date, time, sender, receiver, carbon copy, topic, attachment and the Web mail server being used.
   5.3 Records the contents of Web mail viewed through a web page.
   5.4 Supports recording the Web mail servers of Hinet, Hotmail, PCHome, Yahoo, URL, Giga, Yam, Sina, Seednet, mail.tom.com, mail.163.com, Sohu.com and Maildozy (Thailand).
6. System Control:
   6.1 Remotely change the network settings, DNS, corresponding IP and communication port, and shut down the system, via web browser.
   6.2 Display HDD information, including capacity, space used, available space and used percentage. The system pops up a warning message when the used percentage reaches 80%.
7. User list management: edit the user's IP and domain name, and display the user's status.
8. Account management: set up the user's account, password, group and authorities.
9. Rules of violation: the administrator can prohibit computers from performing specified tasks during a specified duration. The system issues an alert mail to the user and notifies the administrator when the user violates the rules. Multiple rules can be set, by specific website, e-mail, uploaded file, downloaded file, instant messaging (ICQ, AOL, MSN, YAHOO), TELNET and Web mail.
10. Web interface management: supports HTTPS and SSH for best data security.