
Orion Incident Response Live CD


Figure 24: Xplico timeline of HTTP requests from malware

Another excellent tool for ad-hoc analysis of log data is the visualization tool ggobi. The ggobi software takes comma-separated value (.csv) or XML data as input and creates multi-dimensional views of it.

Rumint, the “network VCR player”, is another included visualization tool. It uses several different visualization techniques that can be combined to highlight outlying data or interesting patterns.

There are also many, many tools that extract different views of the data contained in .pcap files. Orion includes a script (/orion/scripts/analyze-pcap) created by one of our team members that takes a packet capture as input, and produces output from the

John Jarocki, john.jarocki@gmail.com
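As an added example of the kind of "view extraction" described above (this is not Orion's analyze-pcap script, whose output format is not given on this page, and not ggobi's own code), the following Python walks a libpcap file directly with struct, decodes the Ethernet/IPv4/TCP/UDP headers, and emits one CSV row per packet in the shape ggobi accepts. The two-packet capture it parses is constructed inline for the example; the function names (pcap_to_rows, rows_to_csv, build_sample_pcap) are this example's own. It handles both pcap byte orders and the nanosecond-timestamp magic, and reports a truncated final record rather than dropping it silently, which matters when the capture was cut off during an incident.

```python
"""pcap-to-CSV view extractor (added example; not the Orion analyze-pcap script)."""
import csv
import io
import socket
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # libpcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1
FIELDS = ["ts", "src", "dst", "proto", "sport", "dport", "len", "note"]


def _global_header(data):
    """Return (endian prefix, timestamp divisor, linktype) from the 24-byte global header."""
    if len(data) < 24:
        raise ValueError("file shorter than pcap global header")
    for endian in ("<", ">"):                      # magic also tells us the byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            divisor = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
            linktype = struct.unpack(endian + "I", data[20:24])[0]
            return endian, divisor, linktype
    raise ValueError("not a pcap file (unknown magic)")


def _decode_frame(frame, row):
    """Fill src/dst/proto/ports for Ethernet+IPv4 frames; other frames keep empty fields."""
    if len(frame) < 14:
        row["note"] = "short ethernet frame"
        return row
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        row["proto"] = "eth:0x%04x" % ethertype
        return row
    ip = frame[14:]
    if len(ip) < 20:
        row["note"] = "short ipv4 header"
        return row
    ihl = (ip[0] & 0x0F) * 4                        # header length in bytes (options included)
    proto = ip[9]
    row["src"] = socket.inet_ntoa(ip[12:16])
    row["dst"] = socket.inet_ntoa(ip[16:20])
    row["proto"] = {6: "tcp", 17: "udp", 1: "icmp"}.get(proto, str(proto))
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:           # TCP and UDP both start with sport, dport
        row["sport"], row["dport"] = struct.unpack("!HH", l4[:4])
    return row


def pcap_to_rows(data):
    """Parse a pcap byte string into one dict per packet, in capture order."""
    endian, divisor, linktype = _global_header(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes LINKTYPE_ETHERNET, got %d" % linktype)
    rows, off = [], 24
    while off + 16 <= len(data):                    # 16-byte per-record header
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        row = {"ts": ts_sec + ts_frac / divisor, "src": "", "dst": "", "proto": "",
               "sport": "", "dport": "", "len": orig_len, "note": ""}
        if len(frame) < incl_len:                   # capture ended mid-record: keep, flag, stop
            row["note"] = "truncated record"
            rows.append(row)
            break
        rows.append(_decode_frame(frame, row))
    return rows


def rows_to_csv(rows):
    """Render rows as CSV text (header first), suitable as ggobi input."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def _ipv4(src, dst, proto, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4


def build_sample_pcap():
    """Constructed two-packet capture (HTTP request, DNS query); not a real capture."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x18, 8192, 0, 0) + b"GET / HTTP/1.1\r\n"
    udp = struct.pack("!HHHH", 53000, 53, 8 + 2, 0) + b"\x12\x34"
    frames = [(1700000000, 250000, eth + _ipv4("10.0.0.5", "192.0.2.10", 6, tcp)),
              (1700000001, 500000, eth + _ipv4("10.0.0.5", "10.0.0.1", 17, udp))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    print(rows_to_csv(pcap_to_rows(build_sample_pcap())), end="")
```

Run against a real file with `pcap_to_rows(open("capture.pcap", "rb").read())`; the resulting CSV loads into ggobi or a spreadsheet, and the `note` column makes short or cut-off records visible instead of silently skewing the per-host counts.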
