Product Details
Netfox Detective - Nástroj pro forenzní analýzu síťové komunikace
Created: 2015
English title
Netfox Detective - a network forensics tool for analyzing network traffic
Type
software
License
In order to use the result by another entity, it is always necessary to acquire a license
License Fee
The licensor does not require a license fee for the result
Authors
Pluskal Jan, Ing., Ph.D.
(DIFS)
Kmeť Martin, Ing.
Karpíšek Filip, Ing.
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Kmeť Martin, Ing.
Karpíšek Filip, Ing.
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Keywords
network forensics, processing captured traffic, application protocol parsing, content extraction
Description
NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols. The implemented functionality includes:
- Analysis project management that enables to analyze multiple PCAPs in a single session. Support for large PCAP files, up to hundreds of GB.
- Advanced visualization using different views of various levels of detail - from overivew to detailed information about every single packet.
- A collection of persers and content extraction methods for the most used application protocols.
- Filtering and full-text search in captured traffic.
NFX Detective is an extensible platform that can be customized to individual requirements:
- Possibility to create a new extraction moduls for other application protocols. This can be done using protocol specification language and implementation of data transoformation and new user view to presented extracted data.
- Extension of the system with user defined analytical methods. NFX Detective employs open data model that can be accessed or easily modified.
- Definition of new views on the data. Data are stored in a No-SQL database and can be efficiently accessed through well-defined interface.
Location
Software je ke stažení na adrese: http://netfox.fit.vutbr.cz Software je umístěn v podobě zdrojových kódu v privátním TFS repositáři.
Projects
Modern Tools for Detection and Mitigation of Cyber Criminality on the New Generation Internet, MV, Program bezpečnostního výzkumu České republiky 2010 - 2015, VG20102015022, start: 2010-10-01, end: 2015-09-30, completed
Research groups
Departments