Publication Details

Netfox Detective: A novel open-source Network Forensics Analysis Tool

PLUSKAL Jan, BREITINGER Frank and RYŠAVÝ Ondřej. Netfox Detective: A novel open-source Network Forensics Analysis Tool. Forensic Science International: Digital Investigation, vol. 35, no. 301019, 2020, pp. 1-13. ISSN 2666-2825. Available from: https://www.sciencedirect.com/science/article/pii/S2666281720300871
Czech title
Netfox Detective:nový open-source nástroj pro síťovou forenzní analýzu
Type
journal article
Language
english
Authors
Pluskal Jan, Ing. (DIFS FIT BUT)
Breitinger Frank (UniLi)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
URL
Keywords

Network forensics, Protocol analysis, Web forensics, Network forensic analysis tool, Lawful interception

Abstract
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where
everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful
tools that support them. In this paper, we highlight a novel open-source network forensic tool named - Netfox Detective - that
outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based engine
for traffic processing that can be easily extended. Using robust parsers (we are not solely relying on the RFC description but use
heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tools architecture and basic
processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented as well as a
real-world scenario is discussed.
Published
2020
Pages
1-13
Journal
Forensic Science International: Digital Investigation, vol. 35, no. 301019, ISSN 2666-2825
Publisher
Elsevier Science
DOI
UT WoS
000600551900005
EID Scopus
BibTeX
@ARTICLE{FITPUB12149,
   author = "Jan Pluskal and Frank Breitinger and Ond\v{r}ej Ry\v{s}av\'{y}",
   title = "Netfox Detective: A novel open-source Network Forensics Analysis Tool",
   pages = "1--13",
   journal = "Forensic Science International: Digital Investigation",
   volume = 35,
   number = 301019,
   year = 2020,
   ISSN = "2666-2825",
   doi = "10.1016/j.fsidi.2020.301019",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12149"
}
Back to top