In his presentation Yann Berthier introduces Netflows as an information source for network forensics.
Continue reading Netflows as a source of forensic information.
Category "Network forensics"
Tcpxtract is a carver for network traffic, which means it extracts files out of captured data. In order to determine start and end positions of a file it searches for certain byte sequences. This procedure was inspired by foremost, a carver for filesystem data.
Continue reading tcpxtract version 1.0.
