BUT.NetfoxDetective 2.1.0.0

A novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols.

NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols. The implemented functionality includes: - Analysis project management that enables to analyze multiple PCAPs in a single session. Support for large PCAP files, up to GBs. - Advanced visualization using different views of various levels of detail - from overivew to detailed information about every single packet. - A collection of persers and content extraction methods for the most used application protocols. - Filtering and full-text search in captured traffic. NFX Detective is an extensible platform that can be customized to individual requirements: - Possibility to create a new extraction moduls for other application protocols. This can be done using protocol specification language and implementation of data transoformation and new user view to presented extracted data. - Extension of the system with user defined analyical methods. NFX Detective employs open data model that can be accessed or easily modified. - Definition of new uviews on the data. Data are stored in a No-SQL database and can be efficiently accessed through well-defined interface.