network-forensics

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

C++
2976
17 hours ago
Rust
1436
12 days ago

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Python
581
1 month ago

Poseidon is a Python-based application that leverages software-defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Python
431
2 months ago

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

Rich Text Format
193
2 years ago

In progress. Web service for analyzing network traffic dumps (PCAP) with RAG. Detection of attacks through signature methods, integration with Threat Intelligence systems and AI.

Python
41
2 days ago

A FUSE module to mount captured network data

C++
39
2 months ago

Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection

Shell
27
1 year ago

Some network covert channel projects of my own research, containing a protocol channel tool (protocol switching covert channel, PCT/PSCC), a protocol hopping covert channel (PHCC) tool, the protocol channel-aware active warden (PCAW) and ... VSTT.

C
16
5 months ago

The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.

HTML
8
1 year ago

Overview of some network tools that can be used during network forensics (extended with some publicly available datasets)

HTML
7
4 years ago

The goal of this project is to help researchers/investigators to export the decrypted TLS content into a PCAP

Python
7
1 year ago

Program for static analysis of pcap files and recreation of information sent

Python
5
2 years ago

Designing and implementing a Packet-Based Intelligent Network phishing Intrusion Detection system. The idea of the design is to use machine learning to classify network packets as benign or phishing in real-time flow (for both HTTP and HTTPS) based on DNS records and domain name features. It operates by using a pre-programmed list of known phishing threat features and their indicators of compromise (IOCs). As a signature-based INPDS, it monitors the packets traversing the network and compares these packets to the database of known IOCs or attack signatures to flag any suspicious behavior.

Jupyter Notebook
4
3 years ago

Usable web interface to perform offline network analysis

JavaScript
2
7 years ago
Jupyter Notebook
2
1 year ago