
Netfox Detective: A tool for advanced network forensics analysis

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216305:26230/15:PU116985 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F15%3APU116985)

  • Result on the web

    http://www.fit.vutbr.cz/research/pubs/all.php?id=10863

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    English

  • Original language name

    Netfox Detective: A tool for advanced network forensics analysis

  • Original language description

    Network forensics is the process of capturing, collecting and analysing network data for the purposes of information gathering, legal evidence, or intrusion detection. The new generation internet opens novel opportunities for cybercrime activities and security incidents that use network applications. Security administrators and LEA (Law Enforcement Agency) officers are challenged to employ advanced tools and techniques in order to detect unlawful or unauthorized activities. In case of serious suspicion of criminal activity, network forensics tools and techniques are used to find legal evidence in captured network communication that proves or disproves the suspect's participation in that activity. Today, various commercial or free tools for network forensics analysis are available, e.g., Wireshark, Network Miner, NetWitness, Xplico, NetIntercept, or PacketScan. Many of these tools lack the ability to successfully reconstruct communication from incomplete, duplicated or corrupted input data. Investigators also require advanced automatic processing of application data that helps them to see the real contents of conversations, including chats, VoIP calls, file transfers, email exchanges, etc. Our research is focused on the design and implementation of a modular framework for network forensics with advanced capabilities for application reconstruction. The proposed architecture consists of (i) input packet processing, (ii) advanced reconstruction of L7 conversations, and (iii) application-based analysis and presentation of L7 conversations. Our approach employs various advanced reconstruction techniques and heuristics that make it possible to work even with corrupted or incomplete data, e.g. one-directional flows, missing synchronization, unbounded conversations, etc. The proposed framework was implemented in the tool Netfox Detective developed by our research group. This paper shows its architecture from a functional and logical point of view and its

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    VG20102015022: Modern tools for detection and mitigation of cyber criminality on the New Generation Internet (/en/project/VG20102015022)

  • Continuities

    P - Research and development project financed from public sources (with a link to CEP)

Others

  • Publication year

    2015

  • Confidentiality

    S - Complete and truthful data about the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Proceedings of Security and Protection of Information (SPI) 2015

  • ISBN

    978-80-7231-997-8

  • ISSN

  • e-ISSN

  • Number of pages

    17

  • Pages from-to

    147-163

  • Publisher name

    Brno University of Defence

  • Place of publication

    Brno

  • Event location

    Brno

  • Event date

    May 20, 2015

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article