Difference between pages "Network forensics" and "Blogs"

From Forensics Wiki
(Difference between pages)
m (added Tools:Logfile Analysis)
 
m (Forensic Blogs)
 
Page: Network forensics

'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.

There are both open source and proprietary network forensics systems available.

== Open Source Network Forensics ==

* [[Wireshark]]
* [[Kismet]]
* [[Snort]]
* [[OSSEC]]
* [[NetworkMiner]] is [http://sourceforge.net/projects/networkminer/ an open source Network Forensics Tool available at SourceForge].
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...].

== Commercial Network Forensics ==

=== Deep-Analysis Systems ===

* E-Detective [http://www.edecision4u.com/] [http://www.digi-forensics.com/home.html]
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Easy-to-use Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
* Network Instruments [http://www.networkinstruments.com/]
* NIKSUN's [[NetDetector]]
* PacketMotion [http://www.packetmotion.com/]
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
* Mera Systems [http://netbeholder.com/ NetBeholder]

=== Flow-Based Systems ===

* Arbor Networks
* GraniteEdge Networks http://www.graniteedgenetworks.com/
* Lancope http://www.lancope.com/
* Mazu Networks http://www.mazunetworks.com/

=== Hybrid Systems ===

These systems combine flow analysis, deep analysis, and security event monitoring and reporting.

* Q1 Labs http://www.q1labs.com/

== Tips and Tricks ==

* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.

== See also ==

* [[Wireless forensics]]
* [[SSL forensics]]
* [[Tools:Network Forensics]]
* [[Tools:Logfile Analysis]]

[[Category:Network Forensics]]

Page: Blogs

[[Computer forensics]] related '''blogs'''.

= English-Language Blogs =

== Forensic Blogs ==

* [http://computer.forensikblog.de/en/ Andreas Schuster - Computer Forensics Blog]
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
* [http://fleet.typepad.com/lukeup/ SecurityBros.com - Hacking, Forensics & Security]
* [http://windowsir.blogspot.com/ Harlan Carvey - Windows Incident Response Blog]
* [http://geschonneck.com/ Alexander Geschonneck - Computer Forensics Blog]
* [http://forensiccomputing.blogspot.com/ Michael Murr - Computer Forensics Blog]

== Related Blogs ==

* [http://www.c64allstars.de C64Allstars Blog]
* [http://www.emergentchaos.com/ Adam Shostack - Emergent Chaos]
* [http://jeffjonas.typepad.com/ Jeff Jonas - Inventor of NORA discusses privacy and all things digital]
* [http://www.cs.uno.edu/~golden/weblog Golden G. Richard III - Digital Forensics, Coffee, Benevolent Hacking]

= Non-English Language =

=== French ===

* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

=== German ===

* [http://computer.forensikblog.de/ Andreas Schuster - Computer Forensik Blog Gesamtausgabe] ([http://computer.forensikblog.de/en/ English version])
* [http://computer-forensik.org Alexander Geschonneck - computer-forensik.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://henrikbecker.blogspot.com Henrik Becker - Digitale Beweisführung] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

=== Spanish ===

* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://www.inforenses.com Javier Pages - InForenseS] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

Revision as of 20:53, 12 November 2006
