Paraben Enterprise - How it Works
A network forensic tool needs to be much more than a live acquisition tool. Paraben Enterprise combines security, monitoring, forensic acquisition, analysis, and reporting in one robust and functional tool. It does this with an agent that resides on the target machine and handles all communications and requests on that host. Each server-side component has a single, specific function: the GUI, authentication, storage, and so on.
The Components
Server Module 1: Central Authentication Server (CAS)
This module is the authentication mechanism behind P2 Enterprise. It maintains all the rules and information governing the interconnections between the other modules, and it acts as the central repository for all forensic images and data collected. The CAS stores this data in Microsoft SQL Server or MySQL.
Server Module 2: The Enterprise Proxy
The Enterprise Proxy serves one main purpose: it is the single communication pass-through for the whole system, and therefore the one endpoint that routers and firewalls need to allow. All other modules send their data transfers through the Proxy so that everything passes through one secure gateway. Authentication is also performed on the Proxy side, which strengthens security by rejecting unauthenticated connections before they reach the other modules. The Proxy encrypts its traffic with 128-bit encryption.
Server Module 3: The Captain
The Captain module provides the GUI for the customization of P2 Enterprise. It is the centralized manager for all of the Agent-Crew modules in the network.
A. The Proactive Monitoring Capabilities
The Captain provides a concise user interface for setting the rules that will be stored in the CAS. Some of the rules/capabilities include monitoring system logins, running processes, file activity, event logs, network sniffing of local traffic, hardware monitoring, application installs/uninstalls, data copied to internal systems, deleted activity, and more.
B. Active Computer Investigations
The Captain module is also responsible for initiating forensic investigations on Agent-Crew machines. The user can perform almost any ordinary operation remotely on an Agent-Crew machine, including (but not limited to) device mapping, remote memory examination, remote administration, and complete remote hard drive acquisition.
C. Technical Specifications
P2 Enterprise adheres to strict forensic practices by ensuring that the integrity of acquired data is maintained. The clients are completely invisible to local users, and all P2 Enterprise components support Windows 2000, XP, and 2003. The full P2 Enterprise system can coexist with other security suites already deployed in an enterprise.
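The page states that integrity is maintained but does not say how. The following is an added example, not Paraben's code, of the standard check a practitioner expects from any remote-acquisition pipeline: the acquiring side hashes the image as it reads it and records the digest with the acquisition; the receiving store recomputes the digest over what actually arrived and rejects anything that differs in length or content. The host name, the sample image bytes, and the in-transit corruption are all constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Iterator

CHUNK_SIZE = 4096  # read size used by the demo; a real agent would use a larger one


@dataclass(frozen=True)
class AcquisitionRecord:
    """Metadata that travels with the image from the agent to the central store."""
    host: str
    size: int
    sha256: str


def chunks(data: bytes, size: int = CHUNK_SIZE) -> Iterator[bytes]:
    """Yield a byte string in fixed-size pieces, simulating a device read loop."""
    for offset in range(0, len(data), size):
        yield data[offset:offset + size]


def acquire(host: str, device: Iterable[bytes]) -> tuple[AcquisitionRecord, bytes]:
    """Agent side: read the device chunk by chunk, hashing while reading, and
    return the record that is sent alongside the image bytes."""
    digest = hashlib.sha256()
    image = bytearray()
    for chunk in device:
        digest.update(chunk)
        image.extend(chunk)
    return AcquisitionRecord(host, len(image), digest.hexdigest()), bytes(image)


def verify(record: AcquisitionRecord, received: bytes) -> bool:
    """Store side: recompute the digest over the bytes that arrived and compare
    it with the recorded one. A length mismatch fails fast; the digest comparison
    is constant-time so a mismatch leaks nothing about where the bytes differ."""
    if len(received) != record.size:
        return False
    actual = hashlib.sha256(received).hexdigest()
    return hmac.compare_digest(actual, record.sha256)


# Constructed sample "disk image": deterministic pseudo-random bytes, not a real acquisition.
SAMPLE_IMAGE = bytes((i * 7919 + 13) % 256 for i in range(20000))


def demo() -> dict[str, bool]:
    """Acquire the sample image, then verify it intact, with one flipped byte,
    and truncated by one byte."""
    record, image = acquire("ws-042", chunks(SAMPLE_IMAGE))  # hypothetical host name
    tampered = bytearray(image)
    tampered[12345] ^= 0x01          # a single bit flipped in transit
    truncated = image[:-1]           # transfer cut short by one byte
    return {
        "intact": verify(record, image),
        "tampered": verify(record, bytes(tampered)),
        "truncated": verify(record, truncated),
    }


if __name__ == "__main__":
    print(demo())
```

The digest belongs in the acquisition record at the moment of reading, not computed afterwards from the stored copy; a hash taken only at the store proves nothing about what left the agent.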
Client Module: Agent-Crew (A-C)
The Agent-Crew module is the main investigative module. It is installed on every computer on the network for remote data collection and acquisition. The module is completely hidden from the user and its activity remains unseen. Most operations are performed at the lowest possible level of the system, so data can be gathered from all PC activity. All Agent-Crew modules can be deployed remotely through the Captain interface.
This module can function in hidden or non-hidden mode. Hidden mode keeps all activity hidden from the end user: they cannot see a running process or locate the agent on disk. Non-hidden mode lets the user see the running process and the installed agent. Because a hidden-mode agent deliberately conceals its process and files, it looks to endpoint protection software much like a rootkit would, so plan its rollout together with whatever endpoint protection is already deployed, so that the agent is not quarantined and an investigation is not exposed.
All of the above components come together to create a comprehensive internal forensic suite for your enterprise. The P2 Enterprise solution is designed to be both comprehensive and cost effective for enterprises of all sizes. For more information or for a price quote on P2 Enterprise, please contact us at enterprise@paraben.com.
Secure Telnet
P2 Enterprise also includes its own secure telnet client, which lets you take control of a target machine in the event of an incident: kill processes, run commands, and do everything else a remote shell offers. Because this gives an investigator a full remote shell on the host, access to it is tied to the same authentication enforced by the CAS and the Proxy, and it should be restricted to authorized investigators.
Scaling on Your Network
Scalability has always been a concern for network forensic software. P2 Enterprise addresses it with a powerful database and a carefully planned architecture that scales to a network of any size. Because your license allows an unlimited number of Captains, Proxy servers, and Central Authentication Servers, the only limit is your network itself. Whether you purchase a 500-seat license or a 500,000-seat license, you can scale the deployment to fit your network.