1 / 190

FINFISHER: FinSpy 3.10 Product Training

FINFISHER: FinSpy 3.10 Product Training. Table of Content. Introduction FinSpy Agent FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting. Portfolio Overview. Introduction.

temira
Download Presentation

FINFISHER: FinSpy 3.10 Product Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. FINFISHER: FinSpy 3.10 Product Training

  2. Table of Content • Introduction • FinSpy Agent • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  3. Portfolio Overview

  4. Introduction • FinSpy is designed to help Law Enforcement and Intelligence Agencies remotely monitor computer systems and gain full access: • Key Features: • Online Communication • Skype, Messengers, VoIP, E-Mail, Browsing and more • Internet Activity • Social Networks, Discussion Boards, Blogs, File-Sharing and more • Stored Data • Remote access to hard-disk, deleted files, Recently Opened Files, crypto containers and more • Surveillance Devices • Use of Integrated webcams, microphones and more • Location

  5. Introduction • Strategic use of the FinSpy System: • IT Intrusion System • Internal Monitoring System • Covert Surveillance Device • Remote Control System

  6. FinSpy – Components

  7. FinSpy Agent • Introduction • FinSpy Agent • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  8. FinSpy Agent – Components • Provides Graphical User Interface for FinSpy System • Shows Target List • Provides Interface for Target Analysis • Allows Target Configuration • Facilitates Target Updates • Enables Target Trojan Creation • Facilitates Creation of differing Infection Techniques

  9. FinSpy Agent – Contents • Overview • Target List • Target Options • Evidence Protection • Target Creation • Infection Techniques • Analyses

  10. FinSpy Agent – Overview • FinSpy Agent – Login Window • Username and Password • IP Address or DNS Name and Port of FinSpy Master • Logoff from the FinSpy Master

  11. FinSpy Agent – Overview • FinSpy Agent – Main Window

  12. FinSpy Agent – Overview • The FinSpy Agent Main Window offers the following functionalities: • Data Analysis – Analysis of selected or multiple Targets • Create Target – Wizard to create a new Target Trojan • Configuration – Basic Settings for FinSpy Agent and FinSpy Master • Show Logfiles – To view the Logfiles on the FinSpy Master • Agent List – To view which Agents are connected to which Target(s) • License Information – To view the actual License and Import one • LEMF – Data Management – To configure the LEMF • About – Shows the FinSpy Version and License • Online Help – Visit Support Website • Logoff – Disconnect the FinSpy Agent from FinSpy Master

  13. FinSpy Agent • Introduction • FinSpy Agent • Target List • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  14. FinSpy Agent – Target List • FinSpy Agent – Target List

  15. FinSpy Agent – Target List • The FinSpy Agent Target List displays information about a Target. • FinSpy Target Name • Unique FinSpy System Name of Target System • Username under which the FinSpy Infection operates • Country & City in which the FinSpy Targets ISP Access point is located • Global IP & Public IP address of the FinSpy Target • Operating System including Service Pack • Target Time & Target Time Zone • Software Version of the FinSpy Target • Install Mode (MBR, Kernel Mode, User Mode)

  16. FinSpy Agent – Target List – Online • FinSpy Agent – Target List – Online

  17. FinSpy Agent – Target List – Online • Configuration • Live Session • Download Now • Update • Remove Infection • Disconnect • The Online List of Targets offers the following functionalities to manage, monitor and reconfigure an active FinSpy Target: • Analyse Data • Visualize Data • Evidence Protection

  18. FinSpy Agent – Target List – Offline • FinSpy Agent – Target List – Offline

  19. FinSpy Agent – Target List – Offline • The Offline List of Targets offers the following functionalities to manage and monitor a FinSpy Target: • Analyse Data • Visualize Data • Evidence Protection • Configuration • Remove Infection

  20. FinSpy Agent – Target List – Archived • The Archived List of Targets offers the following functionalities to manage a FinSpy Target, where, the infection was removed but data is still on the FinSpy Master Server: • Analyse Data • Visualize Data • Evidence Protection • Remove Data

  21. FinSpy Agent – Target List – Target Licensing • If the maximum number of infection is reached, the Target is unavailable as long as no license is freed and an infected Target is uninfected. • First come – first serve principle

  22. FinSpy Agent – Target List – Recorded Data Availability • Symbols indicate availability of new data • Star indicates Data on FinSpy Master is available • Bullet indicates Data on FinSpy Target is available for download to Master Server

  23. FinSpy Agent • Introduction • FinSpy Agent • Target Analysis • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  24. FinSpy Agent – Target Analysis • All or Selected recorded data can be shown or replayed • Data is stored on the FinSpy Master • Data can be viewed, deleted, exported and commented on

  25. FinSpy Agent – Target Analysis • FinSpy Agent – Target Analysis Main Window

  26. FinSpy Agent – Target Analysis • The FinSpy Agent Target List Main Window shows the following information: • Identifies the Infection module (device/application) • An importance level can be associated with specific stored data • FinSpy Target Name • Unique internal FinSpy System reference to the Specific FinSpy Target • Size of the stored data set in bytes • The date when the data was recorded on the Target PC

  27. FinSpy Agent – Target Analysis • Possible actions each entry: • Opens & shows the recorded data • Deletes the data set from the FinSpy Master Server • The data can be exported to the FinSpy Agent computer. • Comments to the data can be stored

  28. FinSpy Agent – Target Analysis • Recorded Comments: • Comments cannot be deleted • Importance Levels are also comments • Descending order

  29. FinSpy Agent – Target Analysis • Filter Search: • Start / End Date • Module • Advanced Options

  30. FinSpy Agent – Target Analysis • Embedded Audio Player (Skype, VoIP, Microphone): • Start / Pause / Stop • Equalizer for each channel • Volume control

  31. FinSpy Agent – Target Analysis • Embedded Video Player (Webcam, Screen, Mouse Clicks): • Play / Pause, Stop, One Screenshot Backward, One Screenshot Forward • Current Time, Total Length • Preview Images (generated at runtime)

  32. FinSpy Agent – Target Analysis – Hands-On • Hands-On:

  33. FinSpy Agent – Target Analysis – Hands-On • Hands-On: • Select a Target • Search for Microphone Recordings only • Open Microphone Recording • Change Priority Level to High • Write a Comment

  34. FinSpy Agent • Introduction • FinSpy Agent • Visualize Data • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  35. FinSpy Agent – Visualize Data • Analyzing Data on a graphical way.

  36. FinSpy Agent – Visualize Data • Analyzing Data on a graphical way. • The art of visualization • The recorded data on each day • Setting the importance level

  37. FinSpy Agent – Visualize Data • Analyzing Data on a graphical way. • Overview divided by module • Amount of recordings for each module • Meta Information

  38. FinSpy Agent • Introduction • FinSpy Agent • Evidence Protection • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  39. FinSpy Agent – Evidence Protection • Prove collected Data has not been altered, for use as evidence in court • Import of a Security certificate • Digital Check for each item • Activity Logging (Who, What, Where) • Signature Verification

  40. FinSpy Agent – Evidence Protection • Certificate Management

  41. FinSpy Agent – Evidence Protection • Status of Evidence • Signature Checking • Export of Evidence

  42. FinSpy Agent – Evidence Protection • Activity Log • Event Description (Who/What/Where)

  43. FinSpy Agent – Evidence Protection • Exported evidence can generate a report

  44. FinSpy Agent – Evidence Protection • Evidence history can be viewed

  45. FinSpy Agent – Evidence Protection • External Verification Tool • Can be used portable

  46. FinSpy Agent – Configuration – Hands-On • Hands-On:

  47. FinSpy Agent – Configuration – Hands-On • Hands-On: • Select a Target • Go to Evidence Protection • Export the Evidence • Use external Evidence Verification Tool • Run the external Evidence Verification Tool

  48. FinSpy Agent • Introduction • FinSpy Agent • Configuration • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting

  49. FinSpy Agent – Configuration • Configuration of the FinSpy Target: • General settings • Network settings • Download Schedule • Alert Settings • User Permissions • Modules

  50. FinSpy Agent – Configuration • Configuration Window:

More Related