An update to one of our favorite network forensics tools has just been released. Whether it is a network challenge or a real-world incident, NetworkMiner can help you carve through PCAP content fairly easily. The new version of NetworkMiner adds a bunch of new features, including file extraction from SMB write operations, a parser for SMB2, more SCADA commands, and a PLC parser.
One of the biggest new features though is a keyword filtering capability that eases indicator searches that may happen during investigations. Data in the Files, Parameters, DNS, Messages, and Sessions tabs are supported. To complement the filtering capability, data displayed in the Parameters tab has also expanded. New HTTP parameters include request methods, URIs, response status codes, and headers. There is also additional support for SMB and SMB2 parameters.
But that’s not all. New features in the Professional version add host OS fingerprinting, a new tab for analyzing web browser sessions, user settings that persist across executions, and improved log exports (new XML and better CSV formats). Check out the full 2.0 release details here.
Today’s post pic is from Netresec.com. See ya!