HTTPS/SSL Network Forensics Device (HTTPS/SSL Interceptor) is designed specifically for forensic purposes, where it is used to decrypt HTTPS/SSL traffic. It can be used by law enforcement bodies, police, investigation units, forensics firms and government departments for tracking or monitoring suspects' HTTP and HTTPS activities over the Internet. The HTTPS/SSL Device has the E-Detective web reconstruction function (HTTP Link and HTTP Content) integrated into the system, which allows the administrator to see the content of both normal and secured web pages.
HTTPS/SSL Interceptor can work in two modes: 1. Man in the Middle Attack (MITM); and 2. Offline Method (decrypting HTTPS raw data when the private key is available). In the MITM method, it acts as a proxy for the targeted PC/suspect. All traffic from the targeted PC or suspect is redirected to the HTTPS/SSL Interceptor. It can therefore collect the genuine certificate from the SSL server when the targeted PC accesses that server. At the same time, the HTTPS/SSL Interceptor returns its own generated certificate to the targeted PC. This allows the HTTPS/SSL Interceptor to decrypt the HTTPS traffic. In the Offline Method, with the HTTPS raw data captured, the HTTPS/SSL Interceptor is capable of decrypting the traffic if the private key is available.