First of all, happy new year to all our readers! Some tools stay popular for a long time because they are regularly updated and… just do the job! NetworkMiner is one of them (the first release was in 2007). I don't use it regularly, but it has been part of my forensic toolbox for a while and has already helped me in many investigations.
NetworkMiner is an open source network forensics tool that parses PCAP files (or sniffs live traffic) and extracts artifacts such as files, images, emails, … It is purely passive: it never sends a packet itself, so it can safely be pointed at a capture or a live interface during an investigation. The extracted data is organised per discovered host, which helps to build an inventory of the devices communicating on the network.
Today, a new version (2.8) was released. More information is available on the NetworkMiner blog.
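To make the description above concrete, here is an added example (my own illustration, not NetworkMiner's code and not from the diary) that does in miniature what the tool does: read a classic PCAP file, build a per-host inventory from the frames, and carve HTTP response bodies out of the TCP streams as file artifacts. It uses only the Python standard library, and the capture it reads is constructed inline (the MAC and IP addresses, the `/logo.png` request and the PNG stand-in body are all made up). Unlike the real tool it joins TCP payloads in capture order rather than reassembling by sequence number, and it only understands Ethernet/IPv4/TCP with HTTP responses that carry a Content-Length.

```python
"""Added example, not NetworkMiner's code: a stdlib-only PCAP reader that does in miniature
what the diary describes: a host inventory from the frames, and HTTP response bodies carved
out of TCP streams as file artifacts. The capture below is constructed, not a real trace."""
import re
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic little-endian pcap; pcapng and big-endian files are not handled
LINKTYPE_ETHERNET = 1
STATUS_LINE = re.compile(rb"HTTP/1\.[01] \d{3}[^\r\n]*\r\n")

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame for the constructed capture; checksums are left at 0."""
    mac, ip4 = (lambda m: bytes.fromhex(m.replace(":", ""))), (lambda a: bytes(map(int, a.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000, 64, 6, 0,
                     ip4(src_ip), ip4(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    """Classic pcap file image: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1704067200 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Return (src_mac, src_ip, dst_ip, sport, dport, payload) for each TCP-over-IPv4 frame."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC or struct.unpack_from("<I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian classic pcap with Ethernet link type")
    off, records = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]   # captured length, may be snapped
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                            # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue                                            # snapped before the TCP header
        ip_total = struct.unpack_from("!H", frame, 16)[0]
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:14 + ip_total]
        records.append((frame[6:12].hex(":"), ".".join(map(str, frame[26:30])),
                        ".".join(map(str, frame[30:34])), sport, dport, payload))
    return records

def host_inventory(records):
    """Per IP: source MACs (meaningful on the local segment only), peers, and low ports it answered from."""
    hosts = defaultdict(lambda: {"macs": set(), "peers": set(), "open_ports": set()})
    for src_mac, src_ip, dst_ip, sport, dport, _ in records:
        hosts[src_ip]["macs"].add(src_mac)
        hosts[src_ip]["peers"].add(dst_ip)
        hosts[dst_ip]["peers"].add(src_ip)
        if sport < 1024:                 # heuristic: well-known source port => server side
            hosts[src_ip]["open_ports"].add(sport)
    return dict(hosts)

def carve_http_bodies(records):
    """Join each flow's payloads in capture order (no seq-number reassembly) and cut HTTP response
    bodies out by Content-Length; a body the capture cut short is skipped, not emitted partially."""
    flows = defaultdict(bytes)
    for _, src_ip, dst_ip, sport, dport, payload in records:
        flows[(src_ip, sport, dst_ip, dport)] += payload
    artifacts = []
    for (src_ip, sport, _, _), stream in flows.items():
        expect = 0                       # a response must start exactly here, not inside a request line
        while (m := STATUS_LINE.search(stream, expect)) and m.start() == expect:
            end = stream.find(b"\r\n\r\n", m.end() - 2)
            if end < 0:
                break
            lines = stream[m.end():end].decode("latin-1").split("\r\n")
            fields = {k.lower(): v.strip() for k, v in (h.split(":", 1) for h in lines if ":" in h)}
            length = int(fields.get("content-length", 0))
            body = stream[end + 4:end + 4 + length]
            if len(body) < length:
                break
            artifacts.append({"server": f"{src_ip}:{sport}", "body": body,
                              "content_type": fields.get("content-type", "application/octet-stream")})
            expect = end + 4 + length
    return artifacts

# Constructed sample: one GET, then the response header and body in two segments.
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
HTTP_RESP = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: %d\r\n\r\n" % len(PNG_BODY)
C_MAC, C_IP, S_MAC, S_IP = "00:11:22:33:44:55", "10.0.0.5", "66:77:88:99:aa:bb", "10.0.0.80"
SAMPLE_PCAP = build_pcap([
    build_frame(C_MAC, S_MAC, C_IP, S_IP, 51000, 80, b"GET /logo.png HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    build_frame(S_MAC, C_MAC, S_IP, C_IP, 80, 51000, HTTP_RESP),
    build_frame(S_MAC, C_MAC, S_IP, C_IP, 80, 51000, PNG_BODY),
])

def analyse(pcap_bytes):
    """The two views the diary mentions: host inventory and carved files."""
    records = parse_pcap(pcap_bytes)
    return host_inventory(records), carve_http_bodies(records)

if __name__ == "__main__":
    print(analyse(SAMPLE_PCAP))
```

Running `analyse(SAMPLE_PCAP)` yields two hosts, with 10.0.0.80 marked as answering on port 80, and one carved artifact of type image/png whose body is the 16-byte PNG stand-in. Point `parse_pcap` at a real capture and the same two functions give you a first inventory, but expect to hit the documented limits quickly (pcapng, VLAN tags, IPv6, out-of-order segments), which is exactly the work a mature tool like NetworkMiner does for you.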
Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.