Netfox Detective: A tool for advanced network forensics analysis
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F15%3APU116985" target="_blank" >RIV/00216305:26230/15:PU116985 - isvavai.cz</a>
Result on the web
<a href="http://www.fit.vutbr.cz/research/pubs/all.php?id=10863" target="_blank" >http://www.fit.vutbr.cz/research/pubs/all.php?id=10863</a>
DOI - Digital Object Identifier
—
Alternative languages
Result language
angličtina
Original language name
Netfox Detective: A tool for advanced network forensics analysis
Original language description
Network forensics is a process of capturing, collecting and analysing network data for the purposes of information gathering, legal evidence, or intrusion detection. The new generation internet opens novel opportunities for cybercrime activities and security incidents using network applications. Security administrators and LEA (Law Enforcement Agency) officers are challenged to employ advanced tools and techniques in order to detect unlawful or unauthorized activities. In case of serious suspicion of crime activity, network forensics tools and techniques are used to find out legal evidences in a captured network communication that prove or disprove suspect's participation on that activity. Today, there are various commercial or free tools for network forensics analysis available, e.g., Wireshark, Network Miner, NetWitness, Xplico, NetIntercept, or PacketScan. Many of these tools lack the ability of successful reconstruction of communication when using incomplete, duplicated or corrupted input data. Investigators also require an advanced automatic processing of application data that helps them to see real contents of conversation that include chats, VoIP talks, file transmission, email exchange etc. Our research is focused on design and implementation of a modular framework for network forensics with advanced possibilities of application reconstruction. The proposed architecture consists of (i) input packet processing, (ii) an advanced reconstruction of L7 conversations, and (iii) application-based analysis and presentation of L7 conversations. Our approach employs various advanced reconstruction techniques and heuristics that enable to work even with corrupted or incomplete data, e.g. one-directional flows, missing synchronization, unbounded conversations, etc. The proposed framework was implemented in a tool Netfox Detective developed by our research group. This paper shows its architecture from functional and logical point of view and its
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
IN - Informatics
OECD FORD branch
—
Result continuities
Project
<a href="/en/project/VG20102015022" target="_blank" >VG20102015022: Modern tools for detection and mitigation of cyber criminality on the New Generation Internet</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2015
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Proceedings of Security and Protection of Information (SPI) 2015
ISBN
978-80-7231-997-8
ISSN
—
e-ISSN
—
Number of pages
17
Pages from-to
147-163
Publisher name
Brno University of Defence
Place of publication
Brno
Event location
Brno
Event date
May 20, 2015
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
—