Product Details

Netfox Detective - A tool for forensic analysis of network communication

Created: 2015

English title
Netfox Detective - a network forensics tool for analyzing network traffic
Type
software
License
In order to use the result by another entity, it is always necessary to acquire a license
License Fee
The licensor does not require a license fee for the result
Authors
Keywords

network forensics, processing captured traffic, application protocol parsing, content extraction

Description

NFX Detective is a novel network forensic analysis tool that implements methods for extracting application content from communication carried over supported protocols. The implemented functionality includes:

- Analysis project management that makes it possible to analyze multiple PCAPs in a single session. Support for large PCAP files, up to hundreds of GB.
- Advanced visualization using different views at various levels of detail, from an overview to detailed information about every single packet.
- A collection of parsers and content extraction methods for the most used application protocols.
- Filtering and full-text search in captured traffic.

NFX Detective is an extensible platform that can be customized to individual requirements:

- New extraction modules can be created for other application protocols. This is done using a protocol specification language and by implementing a data transformation and a new user view to present the extracted data.
- Extension of the system with user-defined analytical methods. NFX Detective employs an open data model that can be accessed or easily modified.
- Definition of new views on the data. Data are stored in a NoSQL database and can be efficiently accessed through a well-defined interface.

Location

The software is available for download at: http://netfox.fit.vutbr.cz The software is stored as source code in a private TFS repository.

Projects
Modern Tools for Detection and Mitigation of Cyber Criminality on the New Generation Internet, MV, Program bezpečnostního výzkumu České republiky 2010 - 2015, VG20102015022, 2010-2015, completed
Research groups
Departments