Network forensics with NetworkMiner
Via the Irongeek website I found NetworkMiner today. In a way, it does not seem as advanced as Xplico and ClearSight Analyzer, but it may be sufficient for what you use it for, and it is thus a very good idea to have it in your toolkit anyway. Whereas Xplico is a freeware *nix application and ClearSight Analyzer is a commercial Windows program, NetworkMiner is a freeware Windows application. In my opinion it is usually a good idea to have a mix of commercial and freeware software, and both *nix and Windows platforms to use them on.
Update: Coincidentally while I was writing this article, an anonymous reader pointed me to a post on the When Puffy Meets RedDevil blog about the very same subject. Thanks for the heads up!
Update 2: Russ McRee from HolisticInfoSec.org was kind enough to drop me an email with some more information on NetworkMiner, including a link to an article he wrote about the application. It is a really nice rundown of NetworkMiner, and set me thinking that I should play around some more with it. I'm beginning to get the impression that I seriously underestimated its possibilities, which I failed to see behind the minimalistic-looking GUI.
Labels: digital forensics