Friday, May 11, 2007

Network Forensic Chart

I came across the chart below while reading the article -

http://www.sandstorm.net/support/netintercept/downloads/ni-ieee.pdf


The chart illustrates what kind of information and data you can obtain from a network-centric log (pcap). The breakdown shows clearly all forms of data that can be extracted when performing network forensics; this gives a very clear view for people who want to learn more about network forensics. It doesn't fully reflect the real world (data can also be transferred via ICMP, etc.), but it does deliver the idea.

The chart says it all .....

What are the open source tools that can be used to perform network forensics?
- tcpXtract
- tcpflow
- chaosreader
- dataecho

Others that I can't think of now .....
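As an added illustration of what these tools do under the hood (example code, not from the article or any of the tools listed): it builds a small pcap in memory from constructed sample traffic, walks Ethernet/IPv4, reassembles TCP payload per flow the way tcpflow does, and also pulls the payload out of ICMP echo packets, the case noted above that the chart leaves out. The pcap builder, the 10.0.0.x addresses and the sample payloads are assumptions for the demo.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap, microsecond timestamps

def ipv4_frame(src, dst, proto, payload):
    """Ethernet II (type 0x0800) + minimal IPv4 header; checksum left zero for the demo."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def tcp_segment(sport, dport, seq, data):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data

def icmp_echo(data):
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + data  # type 8 = echo request

def sample_pcap():
    """Constructed capture: an HTTP request split in two segments (out of order) plus an ICMP echo."""
    frames = [
        ipv4_frame("10.0.0.1", "10.0.0.2", 6, tcp_segment(40000, 80, 1016, b"Host: example\r\n\r\n")),
        ipv4_frame("10.0.0.1", "10.0.0.2", 6, tcp_segment(40000, 80, 1000, b"GET / HTTP/1.0\r\n")),
        ipv4_frame("10.0.0.1", "10.0.0.2", 1, icmp_echo(b"data hidden in ping")),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1178841600 + i, 0, len(f), len(f)) + f  # constructed timestamps
    return out

def extract(pcap_bytes):
    """Return ({(src, sport, dst, dport): reassembled TCP bytes}, [(src, dst, icmp payload)])."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    end = "<" if magic == PCAP_MAGIC else ">"   # byte order of the record headers
    off, flows, icmp = 24, defaultdict(list), []
    while off + 16 <= len(pcap_bytes):
        _, _, caplen, _ = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":        # not IPv4; other EtherTypes skipped here
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if proto == 6:                          # TCP: key by 4-tuple, keep seq for ordering
            sport, dport, seq = struct.unpack("!HHI", l4[:8])
            flows[(src, sport, dst, dport)].append((seq, l4[(l4[12] >> 4) * 4:]))
        elif proto == 1:                        # ICMP: payload follows the 8-byte header
            icmp.append((src, dst, l4[8:]))
    streams = {k: b"".join(d for _, d in sorted(v)) for k, v in flows.items()}
    return streams, icmp
```

Real captures need retransmission and overlap handling and checksum verification on top of this; the point is that the same flow and payload view the chart describes is recoverable from raw pcap records, ICMP included.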

Cheers ;]

2 comments:

王同 said...

Cool! It gives a general view of Ethernet packages.

Anonymous said...

That image is from some years ago -- the product is much improved now. Take a look at the demo (linked from main sandstorm.net page). It doesn't capture traffic, but you can import dump files and get an idea of what it can do.