Computer Forensics - Comprehensive Analysis and Training by Computer Evidence Ltd
Back to Home Page Products by Computer Evidence Ltd and DIBS UK Computer Forensic Investigation by Computer Evidence Ltd Computer Forensic Training by Computer Evidence Ltd Contact Computer Evidence Ltd The DIBSŪ Methodology

DIBSŪ AircaptureDIBSŪ Aircapture
For the first time the wireless network communications of hi-tech criminals and terrorists can be identified, recorded and analysed

 

DIBSŪ Aircapture WLAN 14

Professional Tools for Wireless Forensics

  1. Description
  2. Benefits of DIBSŪ Aircapture WLAN 14
  3. Frequently Asked Questions
Back to Top

1. Description

With the increasing use of wireless networks it has become essential that investigators are able to capture, store and analyse the contents of airborne communications. This can now be done in a forensically sound manner with DIBSŪ Aircapture WLAN 14.

Rugged, reliable and easy to use DIBSŪ Aircapture WLAN 14 captures communications on all channels in both static and mobile locations. It can be used to collect evidence of unlawful activities taking place via wireless LAN, including such areas as terrorist activities, drug trafficking, warlord communications, wireless hacking of networks and other criminal activities.

The equipment can easily be mounted in a small car and with a 2.4GHz omnidirectional antenna used to follow a suspect and safely record all communication activities.

In the military sphere DIBSŪ Aircapture WLAN 14 is used on the battlefield to capture enemy communications from up to 4 kilometers away. The data can then be tranmitted back to a secure location for ongoing analysis.

Back to Top

2. Benefits of DIBSŪ Aircapture WLAN 14

  • The unit is not visible in the air when running thus preventing the target from being alerted of the surveillance
  • High quality RF equipment ensures a tested range of 4 km
  • Easy to use by officers in the field.
  • 30 minutes training required
  • Linux OS give stability and the unit can store data for weeks, months and years.
  • Forensically sound with features such as GPS to provide location and date stamps in logs and encrypted files
  • Simultaneously monitors all 14 channels
  • Inbuilt filter supports such functions as surveillance of a specific MAC address thus solving mobility issues
  • Produces pcap files that are simple to import into analysis software
Back to Top

3. Frequently Asked Questions

  1. Why is it necessary to look at data on the air interface when it is available at the server or in the ISP? It can be difficult and time consuming to identify which ISP and/or server to observe. It may also not be possible to gain access. The DIBSŪ Aircapture WLAN 14 is capable of immediately capturing ALL traffic from ALL the possible WiFi channels whether it is voice, video or data.
  2. The traffic on the air interface is always encrypted. How is it decrypted? Encryption tends to be used about 50% of the time. Where it occurs the data can be captured in the encrypted form and then decrypted later. This may occur following a search of the suspect premises when public and private encryption keys are found. The equipment does support real time WEP and WPA decryption.
  3. Why is it necessary to see the air interface at all? Where a suspect is using a neighbouring WiFi access point the resulting traffic looks as though it has come from the IP address of the owner of the WiFi router. If the traffic is intercepted in the air it is clear where it emanated from. In the event that it is of criminal content it is then possible to apprehend the actual suspect rather than the owner of the WiFi access point that is effectively being 'hacked'.
  4. Who thought up the idea of monitoring all the WiFi channels and recording all the data? The product was conceived by specialists in Sweden working in association with clients who were looking for a tool with such capability. For example it is impossible to trace a VoWlan call once it roams between channels if you use one radio as you will never know which channel or AP (Access Point) the call is going to roam.
  5. Is it possible to install a directional antenna such that the exact position of a suspect who might be in a public place such as an airport or railway station can be pin pointed? Yes. Whilst the normal antenna is an omni directional variety with 6-20 db gain, it is also possible as an option to fit a directional antenna to pinpoint locations. Also there is a GPS interface to provide accurate locations of where traffic is being captured from.
  6. Is it possible to combine data captured on multiple Aircapture products to piece together a roaming conversation which might have been recorded on a variety of different WiFi channels? Yes, the files of data can be merged chronologically using simple software packages freely available. Often it is not possible to hear the change over between hot spots as the suspect moves between different access points.
  7. Why not use commonly available products such as Airopeek, Netstumbler or Ethereal to do the same job? These other products were not designed with forensic investigations in mind. They typically have a single radio/air interface and then they capture data to RAM which immediately limits their usefulness in this application. The Aircapture Wlan14 has 14 radios that capture data from all 14 WiFi channels simultaneously and reliably so no data is missed, even if the suspect roams between two or more WiFi access points and even if different channels are used to continue the same conversation. The reliable Linux operating system facilitates the Aircapture Wlan14 to capture data for weeks at a time. The data is stored on removable hard disk drives that are hot swappable to ensure the very minimum 'change over' time.
Back to Top

Site Last Updated: July  2008

Đ2008 Computer Evidence Ltd
DIBSŪ is a Registered Trademark of DIBS USA, Inc.