EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 8: Network Forensics
Commonly Used Network Forensics Tools
Various tools are available for investigating network attacks. Network forensic tools are especially useful for evidence collection now that most people are constantly within reach of a cell phone, laptop or other connected device. The following is a list of commonly used network forensics tools.
1. tcpdump
Tcpdump is a popular command-line tool for capturing and analyzing network traffic, primarily on Unix-based systems. Using tcpdump, we can capture traffic and store the results in a file that tools like Wireshark can read for further analysis. Tcpdump can be used either for a quick packet capture while troubleshooting or for capturing traffic continuously in large volumes for later analysis.
2. Wireshark
It would be a surprise if someone worked in the cyber security field and had not heard of Wireshark. Wireshark is an open-source tool for capturing and analyzing traffic, with support for applying filters through its graphical user interface. On the system where Wireshark is running, one can choose the interface on which traffic needs to be captured.
3. HELIX3
HELIX3 is used to reveal Internet abuse, data sharing and harassment without being detected. The software integrates into your network, providing visibility across the entire infrastructure. Features include compliance management, protection from malicious employee behaviour, litigation support and more.
4. NetworkMiner
NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. NetworkMiner can also be used to capture live network traffic by sniffing a network interface.
5. Splunk
Splunk is a proprietary, portable, highly extensible log aggregation and analysis tool. Splunk captures, indexes and correlates real-time data in a searchable container and produces graphs, alerts, dashboards and visualizations. When it comes to network forensics, Splunk plays a crucial role in providing evidence from various sources.
6. Paraben E3 Digital Forensic
Paraben's E3:P2C is a tried-and-true computer forensic tool that supports a variety of digital data sources, including file systems, network email archives, local email archives, internet data, etc.
7. Snort
Snort is one of the most popular network intrusion detection systems available for free. This open source detection software uses rules to define malicious network activity and generates alerts quickly when threats arise. There is also a commercial version of Snort, which is currently offered by Cisco.
8. Xplico
Xplico is a network forensics analysis tool (NFAT), which is software that reconstructs the contents of acquisitions performed with a packet sniffer (e.g. Wireshark, tcpdump, Netsniff-ng).
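The four tools above (tcpdump, Wireshark, NetworkMiner, Xplico) share one interchange format: the classic libpcap file that tcpdump -w writes and the others read. The following added example, written for this page and not taken from any of those projects, shows the core of what an NFAT does with such a file: it parses the pcap global header and packet records, decodes Ethernet/IPv4/TCP, groups segments into bidirectional flows and pulls HTTP request lines, Host headers and cleartext Authorization headers out of the reassembled streams. The sample capture is constructed inline (MAC addresses, sequence numbers, IP addresses and the Basic-auth value are placeholders, and checksums are left at zero); the parser assumes in-order, non-overlapping segments and does not handle pcapng.

```python
import struct
from collections import OrderedDict

# Classic libpcap format (what tcpdump -w produces). pcapng is deliberately not handled.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload, flags=0x18):
    """Ethernet/IPv4/TCP frame for the constructed sample; MACs, seq/ack and checksums (0) are placeholders."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Little-endian pcap global header followed by one 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_packets(data):
    """Yield (timestamp, frame bytes) from a pcap blob, honouring the file's byte order."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian capture host
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not supported here)")
    (linktype,) = struct.unpack_from(order + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp_frame(frame):
    """Return (src, sport, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4 or frame[23] != IPPROTO_TCP:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4            # 14-byte Ethernet header + IHL words
    if len(frame) < tcp + 20:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4
    return src, sport, dst, dport, frame[tcp + data_off:]


def reconstruct_flows(data):
    """Group TCP segments into bidirectional flows and concatenate payload per direction."""
    flows = OrderedDict()
    for _ts, frame in iter_packets(data):
        parsed = parse_tcp_frame(frame)
        if parsed is None:                       # ARP, UDP, ICMP etc. are skipped
            continue
        src, sport, dst, dport, payload = parsed
        a, b = (src, sport), (dst, dport)
        key = (a, b) if a < b else (b, a)        # same key for both directions
        flow = flows.setdefault(key, {"packets": 0, "streams": {a: bytearray(), b: bytearray()}})
        flow["packets"] += 1
        flow["streams"][a] += payload
    return flows


def http_artifacts(flows):
    """First HTTP request in each client stream: URL, Host, and whether a credential header was sent in clear."""
    findings = []
    for flow in flows.values():
        for (ip, port), stream in flow["streams"].items():
            text = bytes(stream)
            if not text.startswith((b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ")):
                continue
            head = text.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace").split("\r\n")
            headers = dict((k.strip().lower(), v.strip())
                           for k, v in (line.split(":", 1) for line in head[1:] if ":" in line))
            findings.append({"client": "%s:%d" % (ip, port), "request": head[0],
                             "host": headers.get("host", ""),
                             "cleartext_auth": "authorization" in headers})
    return findings


# Constructed sample: one plain-HTTP exchange, one TLS-looking connection, one ARP frame.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.9", 51234, 80,
                b"GET /admin/export HTTP/1.1\r\nHost: files.example.internal\r\n"
                b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
    build_frame("10.0.0.9", "10.0.0.5", 80, 51234, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    build_frame("10.0.0.5", "203.0.113.7", 51235, 443, bytes.fromhex("16030100060100000203")),
    bytes.fromhex("ffffffffffff1122334455660806") + bytes(28),
])

if __name__ == "__main__":
    flows = reconstruct_flows(SAMPLE_PCAP)
    for (a, b), flow in flows.items():
        print("%s:%d <-> %s:%d  packets=%d" % (a + b + (flow["packets"],)))
    for finding in http_artifacts(flows):
        print(finding)
```

Run against a real tcpdump -w file by replacing SAMPLE_PCAP with the file's bytes; the flow summary is what Wireshark's Conversations view shows, and the artifact list is the kind of item NetworkMiner or Xplico surfaces for the examiner, here limited to the first request per stream.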
9. CurrPorts
CurrPorts is network monitoring software that displays a list of all currently open TCP/IP and UDP ports on your local computer.
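CurrPorts is a Windows GUI, but the underlying question (which sockets are open on this host, in which state, owned by whom) is the same on any platform. As an added example that is not part of CurrPorts or this page, the code below reads the Linux equivalent, the /proc/net/tcp table, decodes its hex-encoded endpoints and state codes, and flags listening ports that are not in an approved baseline. The sample table, the baseline ports and the uid values are constructed for the demonstration; the byte-order assumption in decode_endpoint holds on little-endian hosts such as x86.

```python
import socket
import struct

# Socket states as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(field):
    """'0100007F:0277' -> ('127.0.0.1', 631). The kernel prints the IPv4 address as a
    32-bit value in host byte order, so on little-endian machines the octets are reversed."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Turn the text of /proc/net/tcp into a list of socket records."""
    sockets = []
    for line in text.splitlines()[1:]:           # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        sockets.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),   # matches /proc/<pid>/fd/* links to find the owning process
        })
    return sockets


def unexpected_listeners(sockets, baseline_ports):
    """Listening sockets whose local port is not in the approved baseline."""
    return [s for s in sockets if s["state"] == "LISTEN" and s["local"][1] not in baseline_ports]


# Constructed sample in /proc/net/tcp format: sshd on 22, CUPS on loopback 631,
# an unexplained listener on 8080 owned by uid 1000, and one outbound HTTPS session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21341 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21902 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33870 1 0000000000000000 100 0 0 10 0
   3: 0500000A:C4F2 077100CB:01BB 01 00000000:00000000 02:000001A3 00000000  1000        0 34012 1 0000000000000000 20 4 30 10 -1
"""

EXPECTED_LISTEN_PORTS = {22, 631}   # constructed baseline for this host

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:       # live table when run on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP
    sockets = parse_proc_net_tcp(text)
    for s in sockets:
        print("%-21s %-21s %-12s uid=%d inode=%d" % ("%s:%d" % s["local"], "%s:%d" % s["remote"],
                                                     s["state"], s["uid"], s["inode"]))
    for s in unexpected_listeners(sockets, EXPECTED_LISTEN_PORTS):
        print("REVIEW: unexpected listener %s:%d (uid %d)" % (s["local"] + (s["uid"],)))
```

For a complete picture of a host, the same decoding applies to /proc/net/tcp6 and /proc/net/udp (the IPv6 address field is four host-order words), and the inode column is the join key to the process table.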
10. Capsa
Capsa is a network analyzer tool that helps network administrators monitor, troubleshoot, and analyze wired and wireless networks. Capsa is an intuitive network analyzer that provides detailed information to help check whether there is any Trojan activity on a network.
11. AirSnort
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions and computing the encryption key once enough packets have been gathered. 802.11b, using Wired Equivalent Privacy (WEP), is crippled with numerous security flaws.
12. Ettercap
Ettercap is a suite for adversary-in-the-middle attacks on a LAN that includes sniffing of live connections, content filtering on the fly, and many other features. It supports active and passive dissection of many protocols (including encrypted protocols) and includes many features for network and host analysis. It is a free and open source tool that can launch man-in-the-middle attacks. You can use this tool for network analysis and security auditing, and it runs on various operating systems, such as Linux, BSD, Mac OS X and Windows. Ettercap can sniff network traffic, capture passwords, etc.
13. dsniff
As the name implies, dsniff is a network sniffer, but it can also be used to disrupt the normal behavior of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.
14. SmartWhois
SmartWhois is a useful network information utility that allows you to look up all the available information about an IP address, hostname or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.
15. Nmap
Nmap is a network scanning tool (an open source Linux command-line tool) used for network exploration, host discovery, and security auditing. Gordon Lyon (pseudonym Fyodor Vaskovich) created it to help map an entire network easily and find its open ports and services.