P2 Enterprise Shuttle Edition

Live Network Forensics Made Simple

Live network forensics and incident response come hand and hand. You never know what to expect all you know is that you have a short deployment to an enterprise and need to do an active gathering of data. This is where P2 Enterprise Shuttle comes in. P2 Enterprise Shuttle (P2EES) is a live network forensic tool that combines the power of the one-to-one forensic features from P2 Enterprise Edition (P2 ENTERPRISE) and makes them into an easy and cost effective deployment solution for any forensic team.

The P2 Enterprise Shuttle system is broken into similar components as the full P2 Enterprise system. The differences are found in the hardware recommendations being lower since many of the components can run on a single system, and the database management being done by MYSQL in coordination with the CAS server.

Server Module 1: Central Authentication Server (CAS)
This module is the authentication mechanism behind P2 Enterprise Shuttle. It facilitates the data management between the other modules. It also acts as the central repository for all forensic images collected and is integrated with MYSQL.

Server Module 2: The Enterprise Shuttle Proxy
The Enterprise Shuttle Proxy serves one main purpose as it is the main communication pass through for the system as well as for the routers and firewalls. All other modules use the Proxy to unify all data transfers through one secure gateway. The authentication process is also performed on the Proxy side to make security even stronger. The Proxy has a base of a 128-bit encryption.

Server Module 3: The Captain
The Captain module provides the GUI for the customization of P2 Enterprise. It is the centralized manager for all of the Agent-Crew modules in the network.

A. Active Computer Investigations
The Captain module is also responsible for initiating forensic investigations on Agent-Crew machines. Due to advanced techniques used in the development process, the user is able to perform almost any usual operation remotely on Agent-Crew machines, including (but not limited to) device mapping, remote memory examination, remote administration, and complete remote hard drive acquisitions.

B. Technical Specifications
P2 Enterprise adheres to strict forensic practices by ensuring that data integrity is maintained. The clients are completely invisible to the local users and all of the P2 Enterprise components support Windows 2K/XP/2003. The full P2 Enterprise system is fully capable of working with other suites that are currently deployed in an enterprise.

Client Module: Agent-Crew (A-C)
The Agent-Crew module is the main investigative module. It is installed on all the computers on the network for remote data collection and acquisition. The module is completely hidden from the user and its activity remains unseen. Most operations are performed at the lowest possible level, so it is possible to gather data from all PC activities. The Agent-Crew module can all be deployed remotely through the Captain interface.

The P2EES agent module can only function in a forensic mode unlike its counter-part in our P2 Enterprise Edition which can also be used for data collection & monitoring for proactive forensics. The forensic mode sends all data collected over the network to a central hidden store that is associated with the Shuttle CAS.

Each of these components come together to form the latest in deployable forensic solutions.

Recommended P2 Shuttle Pro Hardware

Paraben has teamed up with Forensic Computers to offer a complete solution for enterprise level incident response. We recommend a laptop and portable mass storage solution. Here are the specs:

Forensic Air-Lite Mobile12
Specifications:

Chassis: 8.3" L X 11.6"W X 1.3 ~ 1.5" T
LCD Panel: 12" WXGA LCD Display (1280 x 800 Resolution)
Motherboard: Intel 945GM Chipset
Processor: Intel Core Duo T2500 CPU 2.0GHz 667 MHz FSB (2MB L2 Cache)
Power: 65 Watt Power Brick (100-240 volts, 50/60 Hz)
Memory: 2GB DDR2 5300 (2 x 1GB Modules)
Hard Drive: 80GB SATA 150 2.5" Drive (8MB, 7200RPM)
Video Controller: nVIDIA GeForce Go 7600 (256MB)
DVD Burner: 8x DVD +/-R/RW Dual Layer
LAN: Onboard NIC supports 10/100/1000 Mbps
Sound: Supports Instant On Media Player & S/PDIF out support; includes software Integrated speakers
FireWire IEEE-1394: On board IEEE-1394A (one port)
PCI Express 54 Port: Includes PCI Express 34 FireWire 800 Card (with two ports)
Wireless: Intel PRO/Wireless 3495 (802.11a/b/g)
Ports: No PCMCIA Slot, ExpressCard/34 slot, USB 2.0 x 3,4-in-1 Card Reader for Secure
Digital, MMC, Memory Stick, Memory Stick PRO, S-Video Out, RJ-45 Port, Microphone-In /Line-in, Headphone-out, DC-In jack
Built-in CMOS Web Camera: 1.3 Mega-Pixel with Watchdog Feature
Ultimate Forensic Write Protection Kit: One Tableau T3U Forensic SATA Bridge; One 8" SATA Cable; One 4-pin Molex to SATA Power Cable; One Tableau T14 Forensic IDE Pocket Bridge READ ONLY (Black); One Tableau T14 Forensic IDE Pocket Bridge READ WRITE (Yellow); Two 2.5 Notebook Adapters; Two Tableau T2 Switches; One Tableau T4 Forensic SCSI Bridge; One 68-pin 8" SCSI ribbon cable; One 68-pin to SCA-80 Adapter; One 68-pin to 50-pin SCSI Adapter; One 50-pin one position SCSI ribbon cable; Two P9 to P9 FireWire Cables; Two P9 to P6 FireWire Adapters; Two P9 to P4 FireWire Adapters; One Tableau T8 Forensic USB bridge; One 6' USB Extension Cable, Two Tableau TP-1 Power Supplies (Auto sensing 100 - 230 volt, 50/60 Hz); and Two Female to Female 4-pin Molex Power Cables
Flash Media Reader: 25-in-1 Flash Media Reader (USB) (READ/WRITE)
Accessories: Targus Wheeled Laptop Bag * 400GB External Hard Drive (USB 2.0)* Powered 4-port USB 2.0 Hub * 30-piece Security Screwdriver Set * 10-in-1 Screwdriver
Software: QuickView Plus Version 8 * Norton Anti-Virus 2006 (OEM)
Operating System: Microsoft Windows XP Professional
Soft-sided Carrying Case: Choice of Targus 717XL or Samsonite Backpack
Dimensions & Weights: Computer and all components packaged in Pelican 1650 Case (32 1/2" L X 20 1/2" W X 11 15/16" D). Weight: 45 lbs
Warranty: Three Years on System. One Year on Tableau products.

Price: $4,995.00 (plus Shipping & Handling)

Warranty: During the one-year warranty period all components which fail may be replaced at the discretion of Forensic Computers with new or refurbished parts. Component failure due to lightning strikes, misuse or intentional damage is not covered. Shipping to Forensic Computers or a designated repair facility is the responsibility of the client. Return UPS Ground shipping to the client will be paid by Forensic Computers. International customers are required to pay the shipping costs for both directions after the first year. For more detail please visit: http://www.forensic-computers.com/warranty.html

Forensic Data Monster
The Forensic Data Monster is the ultimate in data storage, and is formatted in a RAID 5 configuration, using five 500GB disk drives to total 1.8 Tera Bytes of storage space.

The independent RAID configuration which can be accessed through either a LCD panel or a serial port, supports RAID levels 0,1,3 and 5 or JBOD. Host platforms include: FireWire 800, USB 2.0 and SATA (1x), and is backwards compatible with FireWire 400 and USB 1.1.

For configuration protection, the Forensic Data Monster also has array roaming, which stores the RAID configuration not only in the NVRAM but also on the disk drives. The array roaming allows the user to physically move the disk drives into another server, in any order and not lose the RAID configuration or the data.

The Forensic Data Monster II is shipped in a Pelican 1610 case which can be used for portability in the field.

Price: $3,495.00 (plus Shipping & Handling)

When combined with Paraben's P2 Shuttle Pro, there's nothing like it for incident response and live network forensics. You can purchase these items separately or combine them with P2 Shuttle Pro.

Home	Company	Products	Trainings	Forensic Accounting	Support	References	News
Copyright © 2009 Forensic People

Your One Stop For Forensic Solutions

Recommended P2 Shuttle Pro Hardware