Publication Details

Netfox Detective: A novel open-source Network Forensics Analysis Tool

PLUSKAL, J.; BREITINGER, F.; RYŠAVÝ, O. Netfox Detective: A novel open-source Network Forensics Analysis Tool. ARES. University of Kent, Canterbury, UK: 2019. p. 1-13.
Type
conference paper
Language
English
Authors
Jan Pluskal, Frank Breitinger, Ondřej Ryšavý
Abstract

Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named Netfox Detective that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristics-based engine for traffic processing that can be easily extended. Using robust parsers (we are not solely relying on the RFC description but use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool's architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented and a real-world scenario is discussed.

Published
2019
Pages
1–13
Proceedings
ARES
Place
University of Kent, Canterbury, UK
BibTeX
@inproceedings{BUT168470,
  author="Jan {Pluskal} and Frank {Breitinger} and Ondřej {Ryšavý}",
  title="Netfox Detective: A novel open-source Network Forensics Analysis Tool",
  booktitle="ARES",
  year="2019",
  pages="1--13",
  address="University of Kent, Canterbury, UK"
}