Publication record detail

NetFox - The network forensic extandable analysis tool

PLUSKAL, J.; RYŠAVÝ, O.; VESELÝ, V.

Original title

NetFox - The network forensic extandable analysis tool

Type

Conference paper not indexed in WoS or Scopus

Original abstract

Network forensic analysis has been an increasingly discussed topic in the recent decade because of the rapidly rising number of criminal activities that employ network infrastructure. As computer networks grow and new equipment is connected every second, a crucial need for an efficient network monitoring tool arises. Two basic methods are applied. Firstly, collecting traffic metadata in the form of NetFlow records, which are often used in data-retention solutions, provides evidence of intercommunication between network devices. Secondly, full communication capture followed by detailed analysis is applied in specific cases when the target of an investigation is known.

We present a network forensic platform, called Netfox.Framework, which has been developed as an open-source, extensible, and modular analytical software framework providing a conversation-based approach usable for advanced data mining in captured communication. The NFX development is driven by the need to provide a robust method that reduces the complexity and time of developing various specific network forensic applications. Almost every possible forensic investigation use case requires reconstructing, at least partially, the application data layer. The functionality implemented in NFX resembles not only the implementation of the TCP/IP stack at end nodes, but also the other mechanisms necessary to understand bidirectional communication up to the application protocol layers.

Keywords

Network forensic framework, data-mining, pcap manipulation, forensic network data analysis

Authors

PLUSKAL, J.; RYŠAVÝ, O.; VESELÝ, V.

Published

24.03.2014

Publisher

University Politehnica of Bucharest

Place

Bucharest

ISBN

978-606-551-047-0

Book

6th AFCEA Student Conference Future of Information and Communication Technology

Pages from

68

Pages to

71

Page count

4

BibTeX

@inproceedings{BUT111635,
  author="Jan {Pluskal} and Ondřej {Ryšavý} and Vladimír {Veselý}",
  title="NetFox - The network forensic extandable analysis tool",
  booktitle="6th AFCEA Student Conference Future of Information and Communication Technology",
  year="2014",
  pages="68--71",
  publisher="University Politehnica of Bucharest",
  address="Bucharest",
  isbn="978-606-551-047-0"
}