Netfox Detective: A novel open-source Network Forensics Analysis Tool
Result identifiers
Result code in IS VaVaI
RIV/00216305:26230/20:PU139481 (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU139481)
Result on the web
https://www.sciencedirect.com/science/article/pii/S2666281720300871
DOI - Digital Object Identifier
10.1016/j.fsidi.2020.301019 (http://dx.doi.org/10.1016/j.fsidi.2020.301019)
Alternative languages
Result language
English
Title in the original language
Netfox Detective: A novel open-source Network Forensics Analysis Tool
Description in the original language
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named Netfox Detective that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based engine for traffic processing that can be easily extended. Using robust parsers (we do not rely solely on the RFC description but also use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool's architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented, and a real-world scenario is discussed.
Title in English
Netfox Detective: A novel open-source Network Forensics Analysis Tool
Description in English
Network forensics is a major sub-discipline of digital forensics which becomes more and more important in an age where everything is connected. In order to cope with the amounts of data and other challenges within networks, practitioners require powerful tools that support them. In this paper, we highlight a novel open-source network forensic tool named Netfox Detective that outperforms existing tools such as Wireshark or NetworkMiner in certain areas. For instance, it provides a heuristically based engine for traffic processing that can be easily extended. Using robust parsers (we do not rely solely on the RFC description but also use heuristics), our application tolerates malformed or missing conversation segments. Besides outlining the tool's architecture and basic processing concepts, we also explain how it can be extended. Lastly, a comparison with other similar tools is presented, and a real-world scenario is discussed.
Classification
Type
Jimp - Article in a journal indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
LQ1602: IT4Innovations excellence in science (/cs/project/LQ1602)
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of publication
2020
Data confidentiality code
S - Complete and truthful project data are not subject to protection under special legal regulations
Data specific to the result type
Journal name
Forensic Science International: Digital Investigation
ISSN
2666-2825
e-ISSN
—
Journal volume
35
Issue number within the volume
301019
Country of the journal publisher
US - United States of America
Number of pages
13
Pages from-to
1-13
Article UT WoS code
000600551900005
Result EID in the Scopus database
2-s2.0-85098154995