Publication detail
PLUSKAL, J. BREITINGER, F. RYŠAVÝ, O.
Original title
Netfox Detective: A novel open-source Network Forensics Analysis Tool
Type
journal article in Web of Science, Jimp
Language
English
Original abstract
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named - Netfox Detective - that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based engine for traffic processing that can be easily extended. Using robust parsers (we are not solely relying on the RFC description but use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool's architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented as well as a real-world scenario is discussed.
Keywords
Network forensics, Protocol analysis, Web forensics, Network forensic analysis tool, Lawful interception
Authors
PLUSKAL, J.; BREITINGER, F.; RYŠAVÝ, O.
Published
1. 12. 2020
ISSN
2666-2825
Journal
Forensic Science International: Digital Investigation
Volume
35
Number
301019
Country
United States of America
Pages from
1
Pages to
13
Number of pages
URL
https://www.sciencedirect.com/science/article/pii/S2666281720300871
BibTeX
@article{BUT169468,
  author="Jan {Pluskal} and Frank {Breitinger} and Ondřej {Ryšavý}",
  title="Netfox Detective: A novel open-source Network Forensics Analysis Tool",
  journal="Forensic Science International: Digital Investigation",
  year="2020",
  volume="35",
  number="301019",
  pages="1--13",
  doi="10.1016/j.fsidi.2020.301019",
  issn="2666-2825",
  url="https://www.sciencedirect.com/science/article/pii/S2666281720300871"
}