NFX Detective is a novel network forensic analysis tool that implements methods for extracting application content from communication carried over the supported protocols. The implemented functionality includes:
  • Analysis project management that enables multiple PCAPs to be analyzed in a single session. Support for large PCAP files, up to gigabytes in size.
  • Advanced visualization using different views at various levels of detail - from an overview down to detailed information about every single packet.
  • A collection of parsers and content extraction methods for the most commonly used application protocols.
  • Filtering and full-text search in captured traffic.
NFX Detective is an extensible platform that can be customized to individual requirements:
  • The possibility to create new extraction modules for other application protocols. This is done using a protocol specification language, an implementation of the data transformation, and a new user view that presents the extracted data.
  • Extension of the system with user-defined analytical methods. NFX Detective employs an open data model that can be accessed or easily modified.
  • Definition of new views on the data. Data are stored in a NoSQL database and can be efficiently accessed through a well-defined interface.

Publications

  • RYŠAVÝ Ondřej and PLUSKAL Jan. Detection and Analysis of SIP Fraud Attack on 100Gb Ethernet with NEMEA System. Pristina, 2017.
  • PLUSKAL Jan, RYŠAVÝ Ondřej and MATOUŠEK Petr. On the Identification of Applications from Captured Network Traffic. New York, 2016.
  • MATOUŠEK Petr, PLUSKAL Jan, RYŠAVÝ Ondřej, VESELÝ Vladimír, KMEŤ Martin, KARPÍŠEK Filip and VYMLÁTIL Martin. Advanced Techniques for Reconstruction of Incomplete Network Data. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. 2015, vol. 2015, no. 157, pp. 69-84. ISSN 1867-8211.
  • PLUSKAL Jan, MATOUŠEK Petr, RYŠAVÝ Ondřej, KMEŤ Martin, VESELÝ Vladimír, KARPÍŠEK Filip and VYMLÁTIL Martin. Netfox Detective: A tool for advanced network forensics analysis. In: Proceedings of Security and Protection of Information (SPI) 2015. Brno: Brno University of Defence, 2015, pp. 147-163. ISBN 978-80-7231-997-8.
  • PLUSKAL Jan, RYŠAVÝ Ondřej and VESELÝ Vladimír. NetFox - The network forensic extandable analysis tool. In: 6th AFCEA Student Conference Future of Information and Communication Technology. Bucharest: University Politehnica of Bucharest, 2014, pp. 68-71. ISBN 978-606-551-047-0.
  • PLUSKAL Jan. NetFox.Framework - The network forensic extandable analysis tool. In: Proceedings of the 20th Conference STUDENT EEICT 2014 Volume 2. Brno: Brno University of Technology, 2014, pp. 280-282. ISBN 978-80-214-4923-7.
  • PLUSKAL Jan. Analýza a rekonstrukce komunikace typu instant messaging (YMSG a ICQ) [Analysis and Reconstruction of Instant Messaging Communication (YMSG and ICQ)]. In: Proceedings of the 18th Conference Student EEICT 2012 Volume 1. Brno: Faculty of Information Technology BUT, 2012, pp. 176-178. ISBN 978-80-214-4460-7.

Acknowledgement

PostSharp - https://www.postsharp.net
TFS Timetracker - http://www.tfs-timetracker.com

Copyright © 2015 Brno University of Technology. All rights reserved.