Publication Details
Netfox Detective: A novel open-source Network Forensics Analysis Tool
Network forensics, Protocol analysis, Web forensics, Network forensic analysis tool, Lawful interception
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age whereeverything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerfultools that support them. In this paper, we highlight a novel open-source network forensic tool named - Netfox Detective - thatoutperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based enginefor traffic processing that can be easily extended. Using robust parsers (we are not solely relying on the RFC description but useheuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tools architecture and basicprocessing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented as well as areal-world scenario is discussed.
@article{BUT169468,
author="Jan {Pluskal} and Frank {Breitinger} and Ondřej {Ryšavý}",
title="Netfox Detective: A novel open-source Network Forensics Analysis Tool",
journal="Forensic Science International: Digital Investigation",
year="2020",
volume="35",
number="301019",
pages="1--13",
doi="10.1016/j.fsidi.2020.301019",
issn="2666-2825",
url="https://www.sciencedirect.com/science/article/pii/S2666281720300871"
}