Publication Details
Netfox Detective: A novel open-source Network Forensics Analysis Tool
Network forensics, Protocol analysis, Web forensics, Network forensic analysis
tool, Lawful interception
Network forensics is a major sub-discipline of digital forensics which becomes
more and more important in an age whereeverything is connected. In order to cope
with the amounts of data and other challenges within networks, practitioners
require powerfultools that support them. In this paper, we highlight a novel
open-source network forensic tool named - Netfox Detective - thatoutperforms
existing tools such as Wireshark or NetworkMiner in certain areas. For instance,
it provides a heuristically based enginefor traffic processing that can be easily
extended. Using robust parsers (we are not solely relying on the RFC description
but useheuristics), our application tolerates malformed or missing conversation
segments. Besides outlining the tools architecture and basicprocessing concepts,
we also explain how it can be extended. Lastly, a comparison with other similar
tools is presented as well as areal-world scenario is discussed.
@article{BUT169468,
author="Jan {Pluskal} and Frank {Breitinger} and Ondřej {Ryšavý}",
title="Netfox Detective: A novel open-source Network Forensics Analysis Tool",
journal="Forensic Science International: Digital Investigation",
year="2020",
volume="35",
number="301019",
pages="1--13",
doi="10.1016/j.fsidi.2020.301019",
issn="2666-2825",
url="https://www.sciencedirect.com/science/article/pii/S2666281720300871"
}