Network Forensics Analysis and Reconstruction Tools
I have come across and used some of the network forensics analysis tools and systems. I will just list out some of the common tools that network administrators, forensic analysts and investigators normally use. Of course, some are open source and some are paid, licensed tools.
Network Packet Sniffer and Analyzer:
Wireshark (the most commonly used packet analyzer for Linux and Windows)
tcpdump/WinDump (another common command-line capture tool, for Linux and Windows)
Kismet
Ettercap
PacketMon
Colasoft Capsa
CommView
WildPackets OmniPeek
KisMAC
Network Packet Reconstruction Tools:
E-Detective (Real-Time LAN interception and reconstruction system)
EDDC (Offline raw data packets reconstruction system)
Wireless-Detective (Real-Time WLAN interception and reconstruction system)
VoIP-Detective (Voice over IP interception and reconstruction system)
NetworkMiner
Niksun NetDetector
NetWitness
Xplico