NetworkMiner - Network Forensic Analysis Tool

NetworkMiner - Network Forensic Analyzer

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that you can use as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. You can also use it to parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

Note: It also runs on Linux, Mac OS X, and FreeBSD (using Mono).

The way data is presented in NetworkMiner simplifies analysis, which saves valuable time for the analyst or forensic investigator. NetworkMiner also allows you to search the sniffed or stored data for keywords.

NetworkMiner Window Snapshot

"NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world."

It can also be used to extract and save media files (such as audio or video files) that are streamed across a network from websites such as YouTube or Vimeo, as well as user credentials, which you can find under the "Credentials" tab. Note that extraction only works for traffic that is in cleartext on the wire: for TLS-encrypted sessions NetworkMiner can pull the X.509 certificates out of the handshake, but not the encrypted payload.

Supported protocols for file extraction are the following:
  • FTP (File Transfer Protocol)
  • TFTP (Trivial File Transfer Protocol)
  • HTTP (Hypertext Transfer Protocol)
  • SMB (Server Message Block)
  • SMB2 (Server Message Block Protocol Versions 2)
  • SMTP (Simple Mail Transfer Protocol)
  • POP3 (Post Office Protocol 3)
  • IMAP (Internet Message Access Protocol)
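To make concrete what "reassembling transmitted files" and the Credentials tab amount to, here is an added Python example. It is not NetworkMiner's code (NetworkMiner is a .NET application) and it only illustrates the analysis the tool automates: it builds a small PCAP in memory, reassembles each TCP flow by sequence number (the response is deliberately written to the capture out of order), carves a complete HTTP response body by Content-Length, hashes it, and recovers an HTTP Basic credential from the request. The hosts, the file, the URL and the alice:Winter2024 credential are all constructed for the example. A real capture also has handshakes, retransmissions, overlapping segments, chunked encoding and the other protocols in the list above, none of which this toy handles.

```python
"""Added example: minimal TCP reassembly + HTTP file/credential carving over
a classic PCAP. This is NOT NetworkMiner's code; it only illustrates the
analysis NetworkMiner automates. All traffic below is constructed inline."""
import base64
import hashlib
import struct
from collections import defaultdict

# --- constructed sample traffic (hypothetical hosts, file and credential) ---
CLIENT, SERVER = ("10.0.0.5", 40000), ("10.0.0.80", 80)
FILE_BYTES = b"%PDF-1.4\n% constructed sample document\n" + b"A" * 500
REQUEST = (b"GET /report.pdf HTTP/1.1\r\nHost: files.example\r\n"
           b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024") + b"\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FILE_BYTES)) + FILE_BYTES

def _frame(src, dst, seq, payload):
    """Ethernet/IPv4/TCP frame with PSH+ACK; checksums left zero (not verified here)."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src[0].split("."))), bytes(map(int, dst[0].split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Request in one segment; response split into 200-byte segments written to the
    capture in reverse order, so naive concatenation would corrupt the file."""
    frames = [_frame(CLIENT, SERVER, 1000, REQUEST)]
    segs = [(5000 + i, RESPONSE[i:i + 200]) for i in range(0, len(RESPONSE), 200)]
    frames += [_frame(SERVER, CLIENT, s, p) for s, p in reversed(segs)]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for n, f in enumerate(frames):
        pcap += struct.pack("<IIII", 1700000000 + n, 0, len(f), len(f)) + f
    return pcap

# --- carving logic ---
def read_pcap(data):
    """Yield raw frames from a little-endian classic PCAP (PcapNG is out of scope)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond PCAP magic")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        yield data[off:off + incl]
        off += incl

def tcp_segment(frame):
    """Return ((src_ip, sport), (dst_ip, dport), seq, payload) for IPv4/TCP, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6:
        return None
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    src = (".".join(map(str, ip[12:16])), sport)
    dst = (".".join(map(str, ip[16:20])), dport)
    return src, dst, seq, tcp[(tcp[12] >> 4) * 4:]

def reassemble(pcap_bytes):
    """Order each unidirectional flow's payloads by TCP sequence number."""
    flows = defaultdict(dict)
    for frame in read_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg and seg[3]:
            src, dst, seq, payload = seg
            flows[(src, dst)][seq] = payload  # exact duplicate retransmissions collapse here
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in flows.items()}

def carve_http(streams):
    """Files from complete Content-Length responses; credentials from Basic auth headers."""
    files, creds = [], []
    for (src, dst), data in streams.items():
        head, sep, body = data.partition(b"\r\n\r\n")
        if not sep:
            continue
        start, *hdr_lines = head.split(b"\r\n")
        hdrs = {k.strip().lower(): v.strip() for k, _, v in (l.partition(b":") for l in hdr_lines)}
        if start.startswith(b"HTTP/1."):
            n = int(hdrs.get(b"content-length", b"0"))
            if len(body) >= n:  # only emit a file when the whole body was captured
                files.append({"server": "%s:%d" % src, "type": hdrs.get(b"content-type", b"").decode(),
                              "size": n, "sha256": hashlib.sha256(body[:n]).hexdigest(), "data": body[:n]})
        elif hdrs.get(b"authorization", b"").lower().startswith(b"basic "):
            user, _, pw = base64.b64decode(hdrs[b"authorization"][6:]).partition(b":")
            creds.append({"client": "%s:%d" % src, "host": hdrs.get(b"host", b"").decode(),
                          "user": user.decode(), "password": pw.decode()})
    return files, creds

def carve(pcap_bytes):
    """Convenience wrapper: PCAP bytes -> (extracted files, recovered credentials)."""
    return carve_http(reassemble(pcap_bytes))

if __name__ == "__main__":
    files, creds = carve(build_sample_pcap())
    for f in files:
        print("file from %s: %s, %d bytes, sha256=%s" % (f["server"], f["type"], f["size"], f["sha256"]))
    for c in creds:
        print("credential from %s for %s: %s / %s" % (c["client"], c["host"], c["user"], c["password"]))
```

The hash is the detail worth keeping from a real run: once a file has been carved, its SHA-256 is what you compare against threat intelligence or a known-good copy, and it only means something if the whole body was captured, which is why the carver refuses to emit a truncated file.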

NetworkMiner comes in two flavors: the Free Edition and NetworkMiner Professional. The free edition offers live sniffing, IPv6 support, PCAP file parsing, decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS, pcap-over-IP, and OS fingerprinting.

The Professional version includes everything in the free edition and adds PcapNG file parsing, port-independent protocol identification, export of results to CSV/Excel/XML, a configurable file output directory, geo IP localization, DNS whitelisting, web browser tracking, online ad and tracker detection, host coloring support, and command-line scripting support.

NetworkMiner Professional is delivered on a specially designed USB flash drive. Because NetworkMiner is a portable application that requires no installation, you can run it directly from the flash drive.

NetworkMiner Professional USB Picture

Note: For maximum performance, copy NetworkMiner Professional to the local hard drive and run it from there.
