Knowlesys

Open Source Intelligence and Forensics : Maltego

Maltego is an open source intelligence and forensics application



Maltego is a visual link analysis tool that, out of the box, comes with open source intelligence (OSINT) plugins, called transforms. It offers real-time data mining and information gathering, and presents the results on a node-based graph so that patterns and multi-hop connections between pieces of information are easy to spot.

As an organization grows, the people and hardware deployed to keep it running become essential, yet the threat picture of your "environment" is not always clear or complete. Most often it is not what we know that is harmful; it is what we don't know that causes the most damage. How, then, do you build a clear profile of what your current infrastructure deployment looks like? Which tool platforms offer the granularity needed to understand the complexity of your network, both physical and resource based?

Maltego is a platform developed to deliver a clear threat picture of the environment an organization owns and operates. Its particular strength is showing the complexity and severity of single points of failure, and of the trust relationships that currently exist within the scope of your infrastructure. What Maltego offers, for both network and resource-based entities, is the aggregation of information posted all over the internet: whether it is the current configuration of a router on the edge of your network or the current whereabouts of your Vice President on international travel, Maltego can locate, aggregate and visualize this information.

Maltego is an open source intelligence and forensics application. It offers powerful information mining and gathering capabilities and presents the results in an easy-to-understand format. It can be used to map information about networks, organizations, people and so on. Coupled with its graphing libraries, Maltego lets you identify key relationships between pieces of information, including relationships that were previously unknown. For example, it makes it easy to identify infrastructure shared between Domain Name System (DNS) names based on the addresses they resolve to. Maltego takes various bits of information (referred to as Entities within the application) and converts these, via code known as transforms, into other Entities. As an example, place a Website Entity with the value 'www.paterva.com' on a graph in Maltego and run the 'To IP Address [DNS]' transform. A new Entity, an IP Address with the value 74.207.243.85, is generated as a child of the original Website Entity. (The address returned reflects what DNS resolved to when the transform ran; re-run the transform rather than relying on a stale value.)
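The Entity-to-Entity conversion described above, as an added example (this is not Paterva's code and not part of the original page): a minimal local transform in Python that takes a Website Entity value, resolves it, and emits the child IP Address Entities in the MaltegoTransformResponseMessage XML that a local transform writes to standard output. The hostnames and addresses in CONSTRUCTED_DNS are made up so the example runs offline; live_resolver shows the real lookup. The entity type names (maltego.Website, maltego.IPv4Address) are from Maltego's standard entity set.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed resolution table standing in for live DNS so the example runs
# offline; names and addresses (RFC 5737 ranges) are made up for illustration.
CONSTRUCTED_DNS = {
    "www.example.test": ["198.51.100.10", "198.51.100.11"],
    "mail.example.test": ["198.51.100.10"],
}

# A transform's input is an entity value from the graph, which may have been
# scraped from an untrusted web page earlier in the investigation. Accept only
# plain hostname syntax before the value reaches a resolver (or a shell).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def is_valid_hostname(value):
    return bool(HOSTNAME_RE.match(value))


def lookup_constructed(hostname):
    """Offline stand-in for DNS: returns the constructed A records."""
    return list(CONSTRUCTED_DNS.get(hostname.rstrip(".").lower(), []))


def live_resolver(hostname):
    """Real resolver for use inside the client (needs network access)."""
    import socket
    return [info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)]


def to_ip_addresses(website, resolve=lookup_constructed):
    """The 'To IP Address [DNS]' step: Website entity value in, IPv4 values out,
    de-duplicated but kept in resolver order."""
    if not is_valid_hostname(website):
        raise ValueError("refusing to resolve malformed hostname: %r" % website)
    seen, out = set(), []
    for ip in resolve(website):
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out


def build_response(values, entity_type="maltego.IPv4Address"):
    """Wrap child entities in the MaltegoTransformResponseMessage XML that a
    local transform writes to stdout; the client adds each one as a child of
    the entity the transform was run on."""
    msg = ET.Element("MaltegoMessage")
    resp = ET.SubElement(msg, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(resp, "Entities")
    for value in values:
        ent = ET.SubElement(entities, "Entity", Type=entity_type)
        ET.SubElement(ent, "Value").text = value
    return ET.tostring(msg, encoding="unicode")


def run_transform(website, resolve=lookup_constructed):
    return build_response(to_ip_addresses(website, resolve))


if __name__ == "__main__":
    # The client passes the selected entity's value as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.test"
    print(run_transform(target))
```

Registered as a local transform on the Website entity, the client runs the script with the selected value as its argument and parses the printed XML into child entities. The hostname check is not decoration: an entity's value may have come from an untrusted page earlier in the investigation, and a local transform that hands it to a shell (dig "$1", say) without validation is command injection waiting to happen.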

Mapping a network and understanding how everything fits together is an important step in getting to know a target. The process can be labour intensive and only some aspects can be automated successfully. Maltego consolidates some of the required functions so that they can be run easily and accurately, and its results match what you would obtain by running the equivalent tools and commands by hand. Assuming a certain level of knowledge and experience, Maltego is easy to understand and use.

Maltego is an interactive data mining tool that renders directed graphs for link analysis. It is used in online investigations to find relationships between pieces of information from various sources on the Internet. Maltego uses transforms to automate querying these different data sources, and displays the results on a node-based graph suited to link analysis.

Currently there are three versions of the Maltego client namely Maltego CE, Maltego Classic and Maltego XL. This page will focus on Maltego Community Edition (CE).

All three Maltego clients come with access to a library of standard transforms for discovering data from a wide range of public sources commonly used in online investigations and digital forensics. Because transforms can be written against nearly any data source, many data vendors have chosen to use Maltego as a delivery platform for their data; by the same token, Maltego can be adapted to your own requirements.

Open Source Intelligence:

Maltego can be used to determine the relationships between the following entities:

People.

Names.

Email addresses.

Aliases.

Groups of people (social networks).

Companies.

Organizations.

Web sites.

Internet infrastructure such as:

Domains.

DNS names.

Netblocks.

IP addresses.

Affiliations.

Documents and files.

These entities can be linked using open source intelligence (when using the standard transforms). Maltego's graphical interface makes these relationships visible at once and accurately, and can bring hidden connections to light. Using the graphical user interface (GUI) you can see relationships easily, even when they are three or four degrees of separation away.
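Link analysis over such a graph, as an added example (not Maltego's own code and not from the original page): a small entity graph built from constructed transform results, with two of the questions the text raises answered over it: which IP addresses are shared by more than one DNS name, and whether two entities are within a given number of degrees of separation. The person, email address, the example.test and other.test domains, the addresses and the transform names recorded on the edges are all constructed for illustration; the entity type names are from Maltego's standard entity set.

```python
from collections import defaultdict, deque

# An entity is a (type, value) pair, mirroring Maltego's typed entities.


class EntityGraph:
    """Directed graph in the Maltego sense: an edge records that running a
    transform on the parent entity produced the child entity."""

    def __init__(self):
        self.out_edges = defaultdict(dict)   # parent -> {child: transform name}
        self.in_edges = defaultdict(dict)    # child  -> {parent: transform name}

    def add(self, parent, child, transform):
        self.out_edges[parent][child] = transform
        self.in_edges[child][parent] = transform

    def neighbours(self, node):
        # Link analysis follows links in either direction.
        return set(self.out_edges.get(node, {})) | set(self.in_edges.get(node, {}))


def shared_infrastructure(graph, child_type="maltego.IPv4Address"):
    """Entities of child_type reached from more than one parent, e.g. an IP
    address that several DNS names resolve to (common hosting)."""
    return {child: set(parents)
            for child, parents in graph.in_edges.items()
            if child[0] == child_type and len(parents) > 1}


def shortest_link(graph, start, goal, max_degrees=4):
    """Breadth-first search for the shortest chain of links between two
    entities, giving up beyond max_degrees hops. Returns the path as a list
    of entities, or None if they are unconnected within that distance."""
    if start == goal:
        return [start]
    prev = {start: None}
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_degrees:
            continue
        for nxt in graph.neighbours(node):
            if nxt in prev:
                continue
            prev[nxt] = node
            if nxt == goal:
                path = [goal]
                while prev[path[-1]] is not None:
                    path.append(prev[path[-1]])
                return path[::-1]
            queue.append((nxt, depth + 1))
    return None


def degrees_of_separation(graph, a, b, max_degrees=4):
    path = shortest_link(graph, a, b, max_degrees)
    return None if path is None else len(path) - 1


def build_sample_graph():
    """Constructed investigation graph: one person, their email address, two
    domains, and the DNS names / addresses the transforms would have returned."""
    g = EntityGraph()
    person = ("maltego.Person", "Alice Example")
    email = ("maltego.EmailAddress", "alice@example.test")
    domain = ("maltego.Domain", "example.test")
    other = ("maltego.Domain", "other.test")
    g.add(person, email, "To Email Address")
    g.add(email, domain, "To Domain")
    for host in ("www", "mail", "vpn"):
        g.add(domain, ("maltego.DNSName", host + ".example.test"), "To DNS Name")
    g.add(other, ("maltego.DNSName", "www.other.test"), "To DNS Name")
    # Constructed resolutions (RFC 5737 documentation addresses).
    resolutions = {
        "www.example.test": ["198.51.100.10", "198.51.100.11"],
        "mail.example.test": ["198.51.100.10"],
        "vpn.example.test": ["198.51.100.20"],
        "www.other.test": ["198.51.100.20"],
    }
    for name, ips in resolutions.items():
        for ip in ips:
            g.add(("maltego.DNSName", name), ("maltego.IPv4Address", ip),
                  "To IP Address [DNS]")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    for ip, names in shared_infrastructure(g).items():
        print(ip[1], "is shared by", sorted(n[1] for n in names))
    alice = ("maltego.Person", "Alice Example")
    shared_ip = ("maltego.IPv4Address", "198.51.100.20")
    print("degrees:", degrees_of_separation(g, alice, shared_ip))
    print("path:", [e[1] for e in shortest_link(g, alice, shared_ip)])
```

In the constructed graph, 198.51.100.20 is reached from vpn.example.test and from a DNS name under an unrelated domain, which is exactly the kind of shared infrastructure the text describes; the person entity sits four degrees away from that address (person, email address, domain, DNS name, IP address), and raising or lowering max_degrees controls how far the analysis reaches. Note that the search treats every link as equally trustworthy; a hop produced by a weak transform (a search-engine hit, say) deserves more scepticism than a DNS resolution.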

Maltego is unique because it uses a powerful, flexible framework that makes customizing possible, where Maltego can be adapted to your own, unique requirements.

Client Requirements

Operating system

Maltego has been tested on Windows XP/Vista/7, Linux (various distributions) and OS X. As Maltego is purely Java based it should work on almost any operating system. Because operating systems differ, installers are provided for Windows (InstallShield), Linux (RPM, DEB, ZIP) and OS X (.dmg package) that take care of the differences between these systems.

Bottom line: Maltego can be installed on all platforms.

Software requirements

Maltego uses Java 6 (1.6, at least update 10), which is available for most popular operating systems. Maltego will not function correctly with Java 5 (1.5). The Maltego installer will not install or upgrade your system to Java 1.6, but doing so yourself should be painless. The latest release of Java can be downloaded for your operating system at http://www.java.com/en/download/manual.jsp, which also includes installation instructions. As of Maltego 3.0, packages that bundle the JVM are also available.

Bottom line: You need Java 1.6 and you need to install it yourself unless you download an installer that already

Hardware requirements

Maltego loves memory and raw CPU power. Rendering views takes a lot of computing power, and the slower your computer, the longer it will take; on an under-powered machine this becomes frustrating. If you plan to work on large graphs you will also need memory. Maltego version 3 is configured to use 1024MB (1GB) of RAM, but if that is all you have, your OS and other applications will have nothing left to work with. We thus recommend at least 2GB of RAM, but the more the merrier. You also need an Internet link if you want to use the Paterva TAS (Transform Application Server), and for registration. Almost all the data collection and processing happens on the server, but the results still need to reach your computer, so a faster Internet link makes Maltego faster. Note that this architecture also means the transform server, not your workstation, issues the lookups and therefore sees which entities your investigation is querying; for sensitive engagements, run transforms on a server you control (see Server Requirements below). Lastly, if you ever needed a reason to get a big screen, you now have it: Maltego loves big displays. Running it at 1024×768 just wouldn't feel right, but you can do it if you really have to.

Bottom line:

Minimum (yuk): 2GB RAM, 2GHz CPU, 64 kbit/s Internet access, 1024×768 display.

Recommended (yummy): 8GB RAM, Intel i7, 1 Mbit/s+ Internet access, 1920×1080 display.

Server Requirements

Operating System

The Maltego server is delivered as a VMware image, so you can run it on practically anything that supports VMware or a virtual machine system that can play VMware images. Any operating system capable of running such a virtual machine system can therefore be used.

Software

As noted above, the only software needed to run the Maltego VMware image is a virtual machine player; we recommend VMware Workstation or VMware Server.

Hardware

Minimum: 2GB RAM, 2GHz CPU, 1 Mbit/s Internet access

Recommended: 4GB RAM, Intel i7, >4 Mbit/s Internet access

What can Maltego do for me?

Maltego can be used for the information gathering phase of all security related work. It will save you time and allow you to work more accurately and smarter.

Maltego aids your thinking process by visually showing the links between the items you have searched for.

Maltego provides a much more powerful search, giving you smarter results.

If access to "hidden" information determines your success, Maltego can help you discover it.

Maltego is easy and quick to install; because it uses Java, it runs on Windows, Mac and Linux. Its graphical interface makes relationships between entities visible at once, including connections several degrees of separation away, and its flexible transform framework lets it be adapted to your own requirements.