Publication detail

Netfox Detective, Another Network Forensics Analysis Tool, But Better

PLUSKAL, J.; BREITINGER, F.; RYŠAVÝ, O.

Original title

Netfox Detective, Another Network Forensics Analysis Tool, But Better

Type

conference proceedings paper not indexed in WoS or Scopus

Language

English

Original abstract

Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named Netfox Detective that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristics-based engine for traffic processing that can be easily extended. Using robust parsers (we do not rely solely on the RFC descriptions but use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool's architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with similar tools is presented and a real-world scenario is discussed.
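The abstract's key claim is that the tool keeps extracting application-layer artifacts even when a conversation has missing or malformed segments, where a strict reassembler gives up. The following is an added, constructed illustration of that general idea and is not code from Netfox Detective or the paper: the HTTP segments, sequence numbers and the resynchronization heuristic (scan each contiguous block for request-line boundaries after a hole) are assumptions made here for the example.

```python
"""Strict vs. gap-tolerant TCP stream reassembly for HTTP request extraction.

Constructed example: not Netfox Detective's code. Shows why a parser that
re-synchronizes on protocol boundaries recovers evidence that a contiguous-only
reassembler discards entirely.
"""
import re
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


# Constructed client->server HTTP/1.1 stream, split into TCP segments.
# Segment index 2 will be treated as never captured (packet loss on the tap).
ISN = 1000
CHUNKS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /app.js HTTP/1.1\r\nHost: exa",
    b"mple.test\r\nUser-Agent: x\r\n\r\n",                      # dropped below
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 8\r\n\r\n",
    b"user=bob",
]


def build_segments(chunks, isn):
    """Assign consecutive sequence numbers to a list of payload chunks."""
    segs, seq = [], isn
    for c in chunks:
        segs.append(Segment(seq, c))
        seq += len(c)
    return segs


SEGMENTS = build_segments(CHUNKS, ISN)
CAPTURED = [s for i, s in enumerate(SEGMENTS) if i != 2]   # hole in the stream


def reassemble_strict(segments, isn):
    """RFC-style contiguous reassembly: any hole aborts the whole conversation."""
    expected, buf = isn, b""
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq != expected:
            return None
        buf += s.payload
        expected += len(s.payload)
    return buf


def reassemble_tolerant(segments, isn):
    """Return contiguous blocks as (data, missing_bytes_before_block).

    Holes split the stream into blocks instead of failing; overlapping
    retransmissions contribute only their new bytes.
    """
    blocks, buf, gap, expected = [], b"", 0, isn
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq > expected:                       # hole: close current block
            if buf:
                blocks.append((buf, gap))
            buf, gap = b"", s.seq - expected
        elif s.seq < expected:                     # overlap: trim already-seen bytes
            s = Segment(expected, s.payload[expected - s.seq:])
        buf += s.payload
        expected = max(expected, s.seq + len(s.payload))
    if buf:
        blocks.append((buf, gap))
    return blocks


# Heuristic resynchronization point: an HTTP request line at a line start.
# (A body that happens to contain such a line would also match; acceptable
# for an evidence-recovery pass, not for a strict protocol parser.)
REQUEST_LINE = re.compile(
    rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/1\.[01]\r\n", re.M)


def extract_requests(blocks):
    """Pull every recoverable request out of each contiguous block."""
    found = []
    for data, gap_before in blocks:
        matches = list(REQUEST_LINE.finditer(data))
        for i, m in enumerate(matches):
            bound = matches[i + 1].start() if i + 1 < len(matches) else len(data)
            hdr_end = data.find(b"\r\n\r\n", m.end(), bound)
            found.append({
                "method": m.group(1).decode(),
                "uri": m.group(2).decode(),
                "complete_headers": hdr_end != -1,   # False if a hole cut them
                "after_gap": gap_before > 0,          # evidence after lost bytes
            })
    return found


def strict_result():
    return reassemble_strict(CAPTURED, ISN)


def tolerant_result():
    return extract_requests(reassemble_tolerant(CAPTURED, ISN))


if __name__ == "__main__":
    print("strict  :", strict_result())
    for r in tolerant_result():
        print("tolerant:", r)
```

With one segment missing, the strict path yields nothing for the whole conversation, while the tolerant path still reports all three requests, flags `/app.js` as having truncated headers, and marks `/login` as recovered after a hole, which is exactly the kind of partial-evidence bookkeeping an analyst needs when deciding how much to trust an extracted artifact.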

Authors

PLUSKAL, J.; BREITINGER, F.; RYŠAVÝ, O.

Published

22 February 2019

Place

Portland

Pages from

1

Pages to

13

Page count

13

BibTeX

@inproceedings{BUT168469,
  author="Jan {Pluskal} and Frank {Breitinger} and Ondřej {Ryšavý}",
  title="Netfox Detective, Another Network Forensics Analysis Tool, But Better",
  booktitle="DFRWS",
  year="2019",
  pages="1--13",
  address="Portland"
}