Netfox detective: A novel open-source network forensics analysis tool

Détails

ID Serval
serval:BIB_D2FA4BB5E446
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Titre
Netfox detective: A novel open-source network forensics analysis tool
Périodique
Forensic Science International: Digital Investigation
Auteur(s)
Pluskal Jan, Breitinger Frank, Ryšavý Ondřej
ISSN
2666-2817
Statut éditorial
Publié
Date de publication
12/2020
Volume
35
Pages
301019
Langue
anglais
Résumé
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named – Netfox Detective – that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based engine for traffic processing that can be easily extended. Using robust parsers (we are not solely relying on the RFC description but use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool’s architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented as well as a real-world scenario is discussed.
Mots-clé
Network forensics, Protocol analysis, Web forensics, Network forensic analysis tool, Lawful interception
Web of science
Création de la notice
06/05/2021 12:01
Dernière modification de la notice
06/05/2021 12:43
Données d'usage