There are 7 repositories under network-forensics topic.
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.
The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
Hands-On Network Forensics by Nipun Jaswal
Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection
Some network covert channel projects of my own research, containing a protocol channel tool (protocol switching covert channel, PCT/PSCC), a protocol hopping covert channel (PHCC) tool, the protocol channel-aware active warden (PCAW) and ... VSTT.
Overview of some network tools that can be used during the network forensics (extended with some publicly available datasets)
The goal of this project is to help researchers/investigaters to export the decrypted TLS content into a PCAP
Program for static analysis of pcap files and recreation of information sent
Designing and implementing a Packet-Based Intelligent Network phishing Intrusion Detection system. The idea of the design is to use machine learning to classify Network packets to benign and phishing in real-time flow (for both http/https protocol) based on DNS records and domain name features. It operates by using a pre-programmed list of known phishing threat features and their indicators of compromise (IOCs). As a signature based INPDS it will monitor the packets traversing the network, it compares these packets to the database of known IOCs or attack signatures to flag any suspicious behavior.
The Network Traffic Analyzer is a Python script designed for capturing and analyzing network traffic, focusing primarily on DNS traffic. This tool provides users with the capability to monitor network activity in real-time and extract relevant information from captured packets.
passive device fingerprinting api for network intrustion detection
Hunt sql commands in pcap.
Usable web interface to perform offline network analysis
Filter background traffic from capture files
This repository was designed to help streamline the process of completing the Deakin unit SIT327 Network Forensics.
This repository contains various scripts that can be used to obtain information about IP addresses and MAC addresses.
🛰️ A sophisticated network mapper and analyser
Cybersecurity content (YouTube videos) | (1) Deep packet inspection analyses - why the typical approach is not enough | (2) Deep Packet Inspection Analysis - Examining One Packet Killers | (3) Remcos RAT threat analysis on Windows including IEC 60870-5-104 traffic
Write-ups for CTF-like, CyberSec training platforms (BTLO, CyberDefenders) | Repository of forensic artifacts which are useful in real world and CTF investigations
Contains beginner-level network forensics challenges from various CTFs.
NETWORK FORENSICS: 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc)
network security monitoring visibility , ELK, CTI, DFIR
tshark network forensics ubuntu windows