products

recon | overview

We have become accustomed to easily searching all data everywhere at any time.  The same should be true for network forensics and cyber analysis: all data from every application and every source should be searchable all the time, the way an analyst wants to search it. The solution is a search engine as the underlying data repository -- not a traditional database. This a core feature of recon.

Recon’s processing engines extract and convert packet-level network transactions and other data types, into rich documents. The rich documents are saved in their native file format, i.e. .wav, .jpg, http, .doc etc. Recon further processes the rich documents using search engine technology, indexing and correlating the rich documents. This advanced processing results in an easy to use, powerful and scalable network forensics and cyber analysis application. download recon spec sheet

recon | feature | Surveyor

Recon's Surveyor feature is a web 2.0 page reconstruction processing engine. Web 2.0 applications involve asynchronous JavaScript that dynamically assemble and re-assemble web pages. There is no static view of the page and quite the contrary: there are “atoms” of forensic artifacts that are related to each other in a common conversation.  The “atomic” artifacts cannot be re-constructed in a static manner since the page was dynamically updated over time. Imagine a Facebook or MySpace page that is being continually updated with posts over a longer period.

Recon’s Surveyor feature compiles these “atomic” artifacts in a manner that allows the researcher to visualize the conversation(s) that took place over any time period. Surveyor Screen shot

recon | feature | ePersona

Recon’s ePersona feature correlates and links all these entities together discovering the intersections of communication, electronic identifiers, and web meeting places, and artifacts (files, pictures, words) in common.

This electronic presence, which we call an ePersona, is created by discovering, extracting, and correlating all evidentiary attributes of an entity into cliques that relate people, places, organizations, names, electronic ids, numerical ids (telephone, fax, social security, credit card) electronic locations, geo-locations, graphic signatures, and other user definable entities.

An ePersona, is essential to any forensic investigator attempting to understand the scope and breadth of an electronic entity. ePersona Screen Shot

recon | benefits

• familiar search engine user interface reduces learning curve
• robust query engine for full word and meta-data search
• boolean search functions allows complex queries
• scalable and distributed
• sub-second response from very large data sets
• reconstruction of file transfers, emails, web 2.0, IM, chat and http
• creation of ePersona, electronic presence, information
• open API allows access to data store by third party applications
• installed on customer own COTS/GOTS appliance reduces TCO.

recon | specs |minimum supported requirements

• Cent OS 64 bit
• min 8 processors
• min 16GB ram
• min 500GB-1TB disk