NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols. The implemented functionality includes:
- Analysis project management that enables to analyze multiple PCAPs in a single session. Support for large PCAP files, up to GBs.
- Advanced visualization using different views of various levels of detail - from overview to detailed information about every single packet.
- A collection of parsers and content extraction methods for the most used application protocols. Filtering and full-text search in captured traffic.
NFX Detective is an extensible platform that can be customized to individual requirements:
- Possibility to create new extraction modules for other application protocols.
- Extension of the system with user defined analytical methods. NFX Detective employs open data model that can be accessed or easily modified.
- Definition of new views on the data. Data are stored in a SQL database and can be efficiently accessed through the well-defined interface.
To demonstrate Netfox Detective analysis capcabilitie, you may analyze PCAP files containing following application protocols:
- BTC - Stratum
- DNS
- Facebook*
- FTP
- Hangouts*
- HTTP
- OSCAR - ICQ
- IMAP
- Lide.cz
- Messenger
- Minecrat
- MQTT
- POP3
- RTP
- SIP
- SMTP
- SPDY
- Twitter*
- Webmails - various services*
- Xchat.cz
- XMPP
- YMSG
* SSL/TLS decryption key is mandatory
Netfox Detective can be installed from release builds available on FourceForge.
Before you start installing NFX Detective, please check that your system meets the requirements. Microsoft Windows Vista SP2 and newer is reauired to run Netfox Detective.
- 1 GHz 64-bit (x64) processor
- 2 GB RAM
- 4 GB available hard disk space
- DirectX 9 graphics device with WDDM 1.0 or higher driver
- 1,024 x 768 with true color
- 1 GHz 64-bit (x64) processor
- 8 GB RAM
- 64 GB available SSD hard disk space
- DirectX 9 graphics device with WDDM 1.0 or higher driver
- 1,920 x 1,200 with true color
- Visual Studio 2017 Enterprise
- Microsoft .NET Framework 4.7 Developer Pack
- SQL Server 2016 SP1 Express - for data persistence support
- Git LFS
git config --global lfs.dialtimeout 0- Without this the HTTP session while pushing LFS tracked file will timeout.
It is strongly advised to remove any obj and bin folders from solution upon repeatedly unsuccessful compilation.
- Telerik UI for WPF - FreeTrial - copy to /lib
- Infragistics WPF - FreeTrial - copy to /lib
- PostSharp - FreeTrial
- Additional libraries are installed from NuGet.
It is mandatory to develop according to GitFlow. More information can be found in contributing notes.