There are many Network Forensic Analysis Tools (NFAT) currently available. NetworkMiner is a powerful tool with many features that are not as well implemented in other tools. It can parse libpcap files or perform a live packet capture of network traffic. It can also reconstruct FTP, SMB, HTTP, and TFTP data streams, giving you a comprehensive view of the data that was sent over the network.
Core Features
NetworkMiner allows you to do the following:
- Capture data from several different network interfaces
- View the credential data of the connections
- Use the DNS info to see what sites people are accessing
- Search for keywords (string, or hex) within the packets
- See all cleartext content in the traffic it monitored
- Reconstruct and view files that were transferred, based on the data stream
- Create thumbnails of all the images that were sent over the network for easy monitoring
- Operate passively: it doesn't actively target devices on the network
- Capture and view frame data about the packets
- Passive OS detection
- And much more