FORENSICS & AUDITING
Cyber 2.0 is a very powerful and comprehensive monitoring, inventory and forensic tool.
Every packet to traverse the network passes through the Cyber 2.0 Chaos engine and is logged to a central controlling server (local or cloud). The central server is an advanced inventory and forensics tool with a powerful web interface incorporating free text and fixed-parameter search.
FORENSIC CAPABILITY
Every packet to traverse the network in or out of the computer passes through the Cyber 2.0 Chaos engine and is logged, the logs are sent to a central controlling server (local or cloud).
The information is organised and analysed by the central server. As a result, the user can view the following data:
-
Network flow (instead of hundreds of packets per connection – you see a single flow)
-
The source and destination of the flow
-
The source and destination ports
-
The user that initiates the network flow
-
The application or process name
-
The application or process #md5
-
The path of the running application
-
In case of a file system access, instead of a port, there will be the destination path and accessed files or doc
-
Incoming dropped packages
-
Incoming Broadcasts
-
Any application that was part of the chain of activation of that network flow
The central server then gives the System Users the Network Analyser tools to manage, view and helps them analyse the data.
THE NETWORK ANALYSER TOOL
-
Displays all the applications and processes from all the computers with the agent installed.
-
Shows all the applications from a specific computer. Or which computers a specific application is installed
-
After analysis the following information is available:
• The file #hash;
• The number of antivirus engine (if any) that identify the application as malicious;
• A link to the Virus Total page for the application.
