network-forensics

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

JA4+ is a suite of network fingerprinting standards

Warning lists to inform users of MISP about potential false-positives or other information in indicators

CyberScan: Network's Forensics ToolKit

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.

Blackbook of malware domains

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

Hands-On Network Forensics by Nipun Jaswal

A FUSE module to mount captured network data

Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection

Some network covert channel projects of my own research, containing a protocol channel tool (protocol switching covert channel, PCT/PSCC), a protocol hopping covert channel (PHCC) tool, the protocol channel-aware active warden (PCAW) and ... VSTT.

Overview of some network tools that can be used during the network forensics (extended with some publicly available datasets)

The goal of this project is to help researchers/investigaters to export the decrypted TLS content into a PCAP

The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.

Program for static analysis of pcap files and recreation of information sent

Designing and implementing a Packet-Based Intelligent Network phishing Intrusion Detection system. The idea of the design is to use machine learning to classify Network packets to benign and phishing in real-time flow (for both http/https protocol) based on DNS records and domain name features. It operates by using a pre-programmed list of known phishing threat features and their indicators of compromise (IOCs). As a signature based INPDS it will monitor the packets traversing the network, it compares these packets to the database of known IOCs or attack signatures to flag any suspicious behavior.

Usable web interface to perform offline network analysis

IoT Forensics Master Thesis @PoliMi

passive device fingerprinting api for network intrustion detection