I found these tools extremely easy to operate and useful in network-level forensic investigation of Wireshark capture files (*.pcap):
1. Network Miner- http://networkminer.sourceforge.net/
2. Netwitness Investigator - http://download.netwitness.com
3. Xplico - http://www.xplico.org/
Yes, they are free ;)
Additional details on Xplico for Ubuntu 9.x
- run apt-get install apache2
- run apt-get install xplico
- edit /etc/php5/apache2/php.ini to increase the size of files to upload:
* post_max_size = 100M
* upload_max_filesize = 100M
- restart Apache2
- sudo sh /opt/xplico/script/sqlite_demo.sh
- open http://localhost:9876 in a browser
- create new case in Xplico
- create new session, then upload your pcap file
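As an added example (not part of the original post), the php.ini step above as a POSIX shell routine that sets both upload limits idempotently and verifies them before Apache is restarted; the function names and the sample php.ini fragment are constructed, and the path /etc/php5/apache2/php.ini from the post is passed in as an argument so it can be tried on a copy first.

```shell
#!/bin/sh
# Added example: set the two php.ini upload limits listed in the post
# (post_max_size and upload_max_filesize) and confirm they took effect.

set_php_ini_value() {
    # $1 = php.ini path, $2 = directive name, $3 = value
    ini="$1"; key="$2"; val="$3"
    if grep -Eq "^[[:space:]]*;?[[:space:]]*${key}[[:space:]]*=" "$ini"; then
        # Replace the existing directive in place, even if it is commented out.
        sed -i -E "s|^[[:space:]]*;?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${val}|" "$ini"
    else
        # Directive absent: append it.
        printf '%s = %s\n' "$key" "$val" >> "$ini"
    fi
}

get_php_ini_value() {
    # Print the effective (uncommented) value of directive $2 in file $1.
    sed -nE "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)$|\1|p" "$1" | tail -n 1
}

configure_xplico_upload_limits() {
    # Apply both limits from the post, then verify each one; non-zero on failure.
    ini="$1"
    set_php_ini_value "$ini" post_max_size 100M
    set_php_ini_value "$ini" upload_max_filesize 100M
    [ "$(get_php_ini_value "$ini" post_max_size)" = "100M" ] || return 1
    [ "$(get_php_ini_value "$ini" upload_max_filesize)" = "100M" ] || return 1
}

# Demo on a constructed php.ini fragment, not a real system file.
demo_ini="$(mktemp)"
cat > "$demo_ini" <<'EOF'
; constructed sample fragment
post_max_size = 8M
;upload_max_filesize = 2M
EOF
configure_xplico_upload_limits "$demo_ini" && echo "limits set in $demo_ini"
```

Run it against /etc/php5/apache2/php.ini as root (for example `configure_xplico_upload_limits /etc/php5/apache2/php.ini`) and only then restart Apache2, as the next step says.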