Netfox Detective: A novel open-source Network ForensicsAnalysis Tool

Network forensics is a major sub-discipline of digital forensicswhich becomes more and more important in an age where every-thing is connected. In order to cope with the amounts of data andother challenges within networks, practitioners require powerfultools that support them. In this paper, we highlight a novel open-source network forensic tool named - Netfox Detective - thatoutperforms existing tools such as Wireshark or NetworkMiner incertain areas. For instance, it provides a heuristical based enginefor traffic processing that can be easily extended.Using robust parsers (we are not solely relying on the RFC de-scription but use heuristics), our application tolerates malformedor missing conversation segments. Besides outlining the tools ar-chitecture and basic processing concepts, we also explain how itcan be extended. Lastly, a comparison with other similar tools ispresented as well as a real-world scenario is discussed.