NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released

NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).

Consider a scenario where you’re analyzing a suspicious website, wishing to understand the way that it might try attacking its visitors. One way to approach this challenge is to browse the website using a Windows laboratory system designated for this type of work. In this case, your hope might be to have the system attacked and infected, so you can understand the nature of the threat.There are several tools that could capture relevant details about the attack, so you can analyze them to understand what transpired. For instance, CaptureBAT can capture not only process-level activity on the laboratory system, but also create a pcap file of the observed network traffic. You can also run a dedicated network sniffer, such as tcpdump or Wireshark’s dumpcap, or use the sniffer built into NetworkMiner.