NetSec Forensics

NetSec Foresnic applies algorithmic knowledge discovery to support retrospective investigations of incidents that have caused the loss of lives, impacted civil safety and security.

Knowledge discovery is the process of extracting and inferring knowledge from data. NetSec Forensic provides supports in data collection and analysis.

Prediction is a process of deciding what the outcome or meaning of a particular situation is, by collecting and observing its properties.

Clustering:   putting objects or situations into groups whose members resemble each other and are usefully different from the members of other groups.  Knowing such clusters makes it efficient to decide how to handle a previously unseen situation. A special case of clustering is outlier detection, identifying that an object has not previously been included in a cluster.

Understanding connections and figuring out how objects, processes, and especially people are connected.

If knowledge is worth discovering,  NetSec F will support further probing. If the assessments by law enforcement are that a particular threat needs to be investigated further, NetSec F  can be deployed to obtain further intelligence by continually adjusting assessments in light of new intelligence or events.

Use NetSec Forensics for Network Discovery

Network discovery enables smarter identity matching and efficient oversight of group interaction. This functionality supports focusing investigations on people of interest and building a complete profile of a person.

To protect privacy, all network discovery is performed using encrypted identifiers until investigators can establish that there are sufficient grounds for re-identification.

For most criminal investigations, most knowledge discovery is likely to be conducted by starting from a known person or object and exploring the neighborhood of that starting point. Investigators can use NetSec F to identify a prime suspect's presence at the crime scene and collect subsequent movement and relationship data. This data can be used to generate action items or can be used in an exploratory mode to look at objects and people connected to an object or person of interest.

• A complete set of location and movement data call data records of the prime suspect in the past three months

• Co-location analysis – meetings with other target suspects and non-targets

• If, when, and where an adversarial has been close to a VIP

• Detect changes in SIM or phone

• Trajectory match for a second phone or SIM cards (a person is carrying two or more phones)

• Find the usual places of a  suspect by day and time

• Detect and alert when a suspect is not in his usual location

• Show only those encrypted IDs that did not leave in a given time frame

• Show only those encrypted IDs that are often in a given area

• Show only those encrypted IDs who are in a particular place within a specific time window

• Show all detected encrypted ID phones in a crime scene

• Origin of visitors, in encrypted IDs to a given area - where did they come from and where did they go after visiting the place)

• Show common encrypted ID in chosen areas and timeframes

• Show in encrypted ID,  who switched off in and on their phones during a given time

• Find the second phone in the encrypted ID of a suspect by trajectory analysis

NetSec F comes with a warrant management system.  Users must present electronic warrants before accessing the system.  System usages are logged for auditing and in accordance with the legal and administrative requirements.