i2 Analyst's Notebook
July 11, 2006
£3,600 inc. one year's support
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Superb link analyser with a stellar pedigree.
- Weaknesses: Not targeted directly at IT security incidents in its training, icon sets or application notes.
- Verdict: Intuitive, powerful analysis tool for complex incidents.
This is a very different type of analysis tool from those infosec professionals are used to. Link analysis, a crucial aspect of incident response, is usually done manually or by trying to use log correlators. This is a true link analyser with a long pedigree in analysing complex crimes and security incidents.
The application does all the installation work, after which come example charts and a superb help system to quickly move you from installation to production.
Within the first two hours, we had imported and analysed metadata from EnCase for a detailed analysis of data on a hard disk, put in hacker profiles to analyse inter-relationships between hackers and hacks, and analysed a 65,000 record IDS log for links between attacks and attackers.
Link analysis is applied to incident response post mortem. Logs, events and other data feed the link analyser's analysis process. The easiest way to input data is by importing from a spreadsheet using a CSV file. This allows users to import logs of virtually any kind into the analyser, then the tool sets up the relationships and displays them in various formats.
Once data is organised, viewing relationships is intuitive. Analyst's Notebook is part of a suite of products that allow very large, complex logs to be analysed and subtle connections to be found in extensive distributed enterprises.
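To make the CSV import step concrete, here is an added example (not code from the review or from i2) that collapses constructed IDS alert records into weighted attacker-to-target links in a flat "from,to,label,count" layout suitable for a link analyser, and then computes the two things an analyst reads off such a chart: hub hosts and targets shared by several attackers. The column names and the sample addresses are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of IDS alert records (not taken from the review); one row per alert.
SAMPLE_IDS_LOG = """timestamp,src_ip,dst_ip,signature
2006-07-01T10:00:01,198.51.100.7,192.0.2.10,SQL injection attempt
2006-07-01T10:00:05,198.51.100.7,192.0.2.11,SQL injection attempt
2006-07-01T10:02:13,203.0.113.4,192.0.2.10,Port scan
2006-07-01T10:05:44,198.51.100.7,192.0.2.10,SQL injection attempt
2006-07-01T11:15:00,203.0.113.4,192.0.2.12,Port scan
2006-07-01T12:00:00,203.0.113.9,192.0.2.12,Brute-force login
"""

def build_links(csv_text):
    """Collapse raw alerts into weighted links keyed by (attacker, target, signature)."""
    links = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        links[(row["src_ip"], row["dst_ip"], row["signature"])] += 1
    return links

def chart_csv(links):
    """Render the links as 'from,to,label,count' CSV text, the flat shape a link analyser imports."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["from", "to", "label", "count"])
    for (src, dst, sig), n in sorted(links.items()):
        writer.writerow([src, dst, sig, n])
    return out.getvalue()

def hub_entities(links):
    """Number of distinct peers per host; hosts touching many others stand out on the chart."""
    neighbours = defaultdict(set)
    for src, dst, _sig in links:
        neighbours[src].add(dst)
        neighbours[dst].add(src)
    return {host: len(peers) for host, peers in neighbours.items()}

def shared_targets(links):
    """Targets hit by more than one attacker: the indirect connections link analysis exists to surface."""
    attackers = defaultdict(set)
    for src, dst, _sig in links:
        attackers[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in attackers.items() if len(srcs) > 1}
```

On the review's 65,000-record IDS log the same aggregation is what turns thousands of alert rows into a few hundred chart links.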
Most documentation is in the help file, which we found helpful, while directories are created with extensive PDF files and examples, as well as a paper Quick Start Guide and a Guide to Power2, the core technology in the product.
Support is also extensive, with online and phone support and consulting teams available to assist with difficult cases.
The product is priced in the range of most forensic tools and far lower than typical log analysis appliances. It will also significantly reduce the analysis time for an incident, so that the incident can be resolved, production restored and large volumes of data analysed.
Rather than replacing log correlators, Analyst's Notebook leverages existing investment in expensive tools. The cost of the product and user training will be amortised in the first incident upon which it is used.