Network Forensics Tools

Yes, much as I dislike this abuse of the word “Forensics” (see Rant), I’ll recognize that it is a very popular abuse.

Chaosreader, jpcap, and Microsoft Log Parser can break up a packet capture (pcap) file (created by Wireshark or Microsoft Net Monitor) into manageable components, including downloaded files. See the Network Forensics Puzzle site for more tools.
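As an added illustration of what the pcap-splitting tools above do (example code written for this page, not taken from the post or from any of those tools): a minimal libpcap reader that groups TCP payloads into flows and carves an HTTP response body out of a constructed two-segment capture. The addresses, file name and file contents are constructed sample values, and the flow reassembly is deliberately simplified.

```python
import struct
from collections import defaultdict
def tcp_frame(src, dst, sport, dport, payload):  # Ethernet/IPv4/TCP, checksums left zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):  # little-endian libpcap file, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def flows_from_pcap(data):
    """TCP payload per (src, sport, dst, dport), concatenated in capture order.
    Simplified: IPv4 only, no sequence-number reordering, no retransmission handling."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    flows, off = defaultdict(bytes), 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # skip anything that is not IPv4/TCP
        ihl, total = (pkt[14] & 0x0F) * 4, struct.unpack("!H", pkt[16:18])[0]
        tcp = pkt[14 + ihl:14 + total]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flows[(pkt[26:30], sport, pkt[30:34], dport)] += tcp[(tcp[12] >> 4) * 4:]
    return flows

def carve_http_files(flows):
    """[(content_type, body)] for each flow carrying an HTTP response with a body."""
    files = []
    for payload in flows.values():
        if not payload.startswith(b"HTTP/1."):
            continue
        head, _, rest = payload.partition(b"\r\n\r\n")
        hdrs = {k.strip().lower(): v.strip() for k, _, v in
                (line.partition(b":") for line in head.split(b"\r\n")[1:])}
        length = int(hdrs.get(b"content-length", len(rest)))
        files.append((hdrs.get(b"content-type", b"").decode(), rest[:length]))
    return files

def sample_capture():
    """Constructed capture: one GET, then a PDF response split across two TCP segments."""
    c, s = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])  # documentation-range addresses
    body = b"%PDF-1.4\n%constructed-sample-bytes\n"
    resp = (b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body
    return build_pcap([tcp_frame(c, s, 40000, 80, b"GET /r.pdf HTTP/1.1\r\nHost: h\r\n\r\n"),
                       tcp_frame(s, c, 80, 40000, resp[:40]), tcp_frame(s, c, 80, 40000, resp[40:])])
```

`carve_http_files(flows_from_pcap(sample_capture()))` yields the reassembled PDF with its Content-Type, which is the kind of component the tools above pull out of a real capture.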

Palo Alto Networks enterprise firewall, in Tap Mode, can interpret HTTP traffic, parse documents in the traffic, identify P2P applications tunneled over HTTP (such as Skype), and correlate the traffic with a user (not just an IP address).

Net Witness (derived from the retired FBI Carnivore program) monitors email and other Internet traffic on the network. A free version parses pcap files up to 1 GB.

Spector monitors Internet activity.

Solera Networks offers products and their “What is Network Forensics?” whitepaper.
