http://www.sandstorm.net/support/netintercept/downloads/ni-ieee.pdf
The chart illustrates what kind of information and data you can obtain from a network-centric log (a pcap capture). The breakdown clearly shows the forms of data that can be extracted when performing network forensics, which gives a very clear picture for people who want to learn more about the subject. It doesn't fully reflect the real world (data can also be transferred via ICMP and other channels the chart doesn't cover), but it does get the idea across.
The chart says it all .....
What are the open source tools that can be used to perform network forensics?
- tcpXtract
- tcpflow
- chaosreader
- dataecho
Others that I can't think of now .....
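As an added example (not from the original post and not code from any of the tools listed above), here is a small Python parser for the pcap format that does, in miniature, what tools like tcpflow and chaosreader do: it walks the pcap global header and packet records, decodes Ethernet/IPv4/TCP/UDP/ICMP headers, verifies the IPv4 header checksum, reassembles TCP payloads per flow in sequence order, and surfaces ICMP payloads so a reviewer can see the "data over ICMP" case the post mentions. The capture it parses is constructed in memory; every address, port, MAC and payload in it is made up for the demonstration.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # little-endian pcap magic (bytes d4 c3 b2 a1 on disk)
LINKTYPE_ETHERNET = 1


def ipv4_checksum(header):
    """RFC 791 ones-complement checksum over an IPv4 header; 0 means valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP/ICMP and return a dict of fields."""
    if len(frame) < 14:
        return {"error": "short ethernet frame"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = {"ethertype": ethertype}
    if ethertype != 0x0800:            # only IPv4 is decoded here
        return pkt
    ip = frame[14:]
    if len(ip) < 20:
        pkt["error"] = "short ipv4 header"
        return pkt
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        pkt["error"] = "bad ipv4 header"
        return pkt
    pkt.update(src=".".join(map(str, src)), dst=".".join(map(str, dst)), ttl=ttl, proto=proto,
               ip_checksum_ok=(ipv4_checksum(ip[:ihl]) == 0))
    l4 = ip[ihl:total_len]             # total_len bounds the datagram and drops Ethernet padding
    if proto == 6 and len(l4) >= 20:   # TCP
        sport, dport, seq, ack, doff_flags, flags = struct.unpack("!HHIIBB", l4[:14])
        doff = (doff_flags >> 4) * 4
        pkt.update(sport=sport, dport=dport, seq=seq, flags=flags, payload=l4[doff:])
    elif proto == 17 and len(l4) >= 8:  # UDP
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        pkt.update(sport=sport, dport=dport, payload=l4[8:ulen])
    elif proto == 1 and len(l4) >= 8:   # ICMP: anything after the 8-byte header is carried data
        itype, icode = struct.unpack("!BB", l4[:2])
        pkt.update(icmp_type=itype, icmp_code=icode, payload=l4[8:])
    return pkt


def parse_pcap(data):
    """Parse a pcap blob. Returns (packets, flows).

    packets: one dict per record (a final dict with truncated=True if the file is cut short)
    flows:   {(src, sport, dst, dport, proto): payload bytes reassembled in sequence order}
    """
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap file (bad magic 0x%08x)" % magic)
    _, _, _, _, _, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    packets, segments, off = [], defaultdict(list), 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:       # capture ended mid-record
            packets.append({"ts": ts_sec + ts_usec / 1e6, "truncated": True})
            break
        pkt = parse_ethernet(frame)
        pkt["ts"] = ts_sec + ts_usec / 1e6
        packets.append(pkt)
        if "proto" in pkt and pkt.get("payload"):
            key = (pkt["src"], pkt.get("sport", 0), pkt["dst"], pkt.get("dport", 0), pkt["proto"])
            # TCP orders by sequence number; other protocols keep arrival order
            segments[key].append((pkt.get("seq", len(segments[key])), pkt["payload"]))
    flows = {k: b"".join(p for _, p in sorted(v)) for k, v in segments.items()}
    return packets, flows


# --- constructed sample capture (made-up addresses, ports and payloads) ---
def build_frame(src_ip, dst_ip, proto, l4_header, payload):
    total_len = 20 + len(l4_header) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + l4_header + payload


def tcp_header(sport, dport, seq, ack, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def build_pcap(packets):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def sample_capture():
    """One TCP flow recorded out of order, plus one ICMP echo carrying data."""
    seg1 = b"GET /index.html HTTP/1.0\r\n"
    seg2 = b"Host: example.test\r\n\r\n"
    f1 = build_frame("10.0.0.2", "10.0.0.1", 6, tcp_header(40000, 80, 1000, 1, 0x18), seg1)
    f2 = build_frame("10.0.0.2", "10.0.0.1", 6, tcp_header(40000, 80, 1000 + len(seg1), 1, 0x18), seg2)
    f3 = build_frame("10.0.0.2", "10.0.0.9", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1), b"constructed ICMP payload")
    return build_pcap([(1, 0, f2), (1, 500, f1), (2, 0, f3)])


def summarize(data):
    packets, flows = parse_pcap(data)
    return {"packet_count": len(packets),
            "tcp_flow": flows.get(("10.0.0.2", 40000, "10.0.0.1", 80, 6)),
            "icmp_payloads": [p["payload"] for p in packets if p.get("proto") == 1 and p.get("payload")]}


if __name__ == "__main__":
    for k, v in summarize(sample_capture()).items():
        print(k, v)
```

Point `parse_pcap` at `open("capture.pcap", "rb").read()` to run it over a real Ethernet capture (pcapng files use a different container and are rejected by the magic check). The reassembly is deliberately naive: it sorts by sequence number and concatenates, so retransmissions and overlapping segments are not deduplicated the way a full TCP reassembler would do it.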
Cheers ;]
2 comments:
cool! it gives a general view on Ethernet packages
That image is from some years ago -- the product is much improved now. Take a look at the demo (linked from main sandstorm.net page). It doesn't capture traffic, but you can import dump files and get an idea of what it can do.