
Orion Incident Response Live CD


Figure 24: Xplico timeline of HTTP requests from malware

Another excellent tool for ad-hoc analysis of log data is the visualization tool ggobi. The ggobi software takes comma-separated value (.csv) or XML data as input and creates multi-dimensional views of it.

Rumint, the “network VCR player”, is another included visualization tool. It offers several different visualization techniques that can be combined to highlight outlying data or interesting patterns.

There are also many, many tools that extract different views of the data contained in .pcap files. Orion includes a script (/orion/scripts/analyze-pcap), created by one of our team members, that takes a packet capture as input and produces output from the
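As an added illustration of the kind of pcap-to-view extraction described above (this is not Orion's analyze-pcap script, nor Xplico's code), the following Python parses a classic libpcap file, pulls out every HTTP request line with its timestamp, source, destination and Host header, and emits a CSV timeline that could be fed to ggobi or a spreadsheet. The capture it reads is constructed in memory with the hypothetical `build_sample_pcap()` helper; the hostnames and addresses in it are made up. It handles Ethernet/IPv4/TCP only, ignores checksums, and does no TCP reassembly, so a request line split across segments would be missed.

```python
"""HTTP request timeline from a libpcap file, written out as CSV.

Added example, not Orion's analyze-pcap script.  Classic libpcap only (no
pcapng), Ethernet/IPv4/TCP only, no reassembly.  Sample input is constructed.
"""
import csv
import io
import struct
from datetime import datetime, timezone

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def iter_packets(data: bytes):
    """Yield (timestamp, frame) for each record in a classic libpcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"            # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"            # file written big-endian
    else:
        raise ValueError("not a classic libpcap file (pcapng is not supported)")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != 1:           # DLT_EN10MB
        raise ValueError("only Ethernet captures are supported")
    off = 24                    # global header is 24 bytes
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:   # truncated final record: stop cleanly
            break
        off += incl_len
        yield ts_sec + ts_usec / 1_000_000, frame


def parse_http_request(frame: bytes):
    """Return (src, dst, dport, method, path, host) if the frame starts an HTTP request."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 20:                  # not TCP
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    dport = struct.unpack_from("!H", tcp, 2)[0]
    payload = tcp[(tcp[12] >> 4) * 4:]                    # skip TCP header + options
    if not payload.startswith(HTTP_METHODS):
        return None
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:                                   # not "METHOD path version"
        return None
    method = parts[0].decode("ascii", "replace")
    path = parts[1].decode("ascii", "replace")
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            break
    return src, dst, dport, method, path, host


def http_timeline(pcap: bytes) -> list:
    """All HTTP requests in the capture, oldest first, as dicts ready for CSV output."""
    rows = []
    for ts, frame in iter_packets(pcap):
        req = parse_http_request(frame)
        if req is None:
            continue
        src, dst, dport, method, path, host = req
        rows.append({"time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
                     "src": src, "dst": dst, "dport": dport,
                     "method": method, "host": host, "path": path})
    rows.sort(key=lambda r: r["time"])
    return rows


def timeline_csv(pcap: bytes) -> str:
    """CSV text (header + one row per request) suitable for ggobi or a spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["time", "src", "dst", "dport", "method", "host", "path"])
    writer.writeheader()
    writer.writerows(http_timeline(pcap))
    return out.getvalue()


# --- constructed sample capture (hypothetical hosts, not real traffic) -------
def _frame(src, dst, sport, dport, payload: bytes) -> bytes:
    """Ethernet/IPv4/TCP frame, no options, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes(src), bytes(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload


def build_sample_pcap() -> bytes:
    """Little-endian libpcap with two HTTP requests and one non-HTTP segment."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    host = (10, 0, 0, 5)
    records = [
        (1480000000, 0, _frame(host, (203, 0, 113, 10), 49152, 80,
                               b"GET /update.php?id=1 HTTP/1.1\r\nHost: beacon.example\r\n\r\n")),
        (1480000001, 250000, _frame(host, (203, 0, 113, 10), 49153, 443,
                                    b"\x16\x03\x01\x00\x05hello")),   # TLS-looking bytes, skipped
        (1480000030, 500000, _frame(host, (198, 51, 100, 7), 49154, 8080,
                                    b"POST /gate HTTP/1.1\r\nHost: c2.example\r\nContent-Length: 0\r\n\r\n")),
    ]
    return hdr + b"".join(struct.pack("<IIII", s, us, len(f), len(f)) + f for s, us, f in records)


if __name__ == "__main__":
    print(timeline_csv(build_sample_pcap()), end="")
```

Pointing `timeline_csv()` at the bytes of a real capture (`open(path, "rb").read()`) gives the same CSV for that file; the `dport` and `host` columns are the ones worth plotting against `time` to spot periodic beaconing of the kind Figure 24 shows.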

John Jarocki, john.jarocki@gmail.com
