Any packet analysis tool for network forensics? E-Detective?
Does anyone really use any network forensics tool for performing network evidence extraction? As I have some experience of using "E-Detective System" (http://www.edecision4u.com/) for analyzing network evidence, I would like to share such information with you guys.
E-Detective System can decode many protocols, such as Email (POP3, SMTP, IMAP, Webmail), IM/Chat (Yahoo, MSN, ICQ, AOL, QQ, UT Chat Room, Skype VOIP Log), HTTP (Link, Content, Reconstruct, Upload/Download), FTP, P2P, Online Game, Telnet, etc. This is a Linux-based system, and pcap files can be imported for performing the evidence extraction task. For other usage, such as network auditing, it can perform real-time traffic sniffing and decoding. However, in the part of providing forensic functions, it supports a search function only. Other good stuff for forensic investigations, such as hash value technology, file signature detection and bookmark functions, is still not developed in E-Detective.
As I know from Asian news, E-Detective is still dedicated to adding more functions for network forensics usage. E-Detective is also looking for new investors for designing and developing a more comprehensive network forensic tool set. If anyone is interested in using such a tool, buying network forensics OEM service, or investing in its technology, you should visit their website.
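The post describes the pieces a network forensics tool combines: importing a pcap, decoding a protocol (HTTP here), carving the transferred object, and then fingerprinting it by file signature and hash value. The following is an added example, not code from E-Detective or from the original post, showing a minimal version of that pipeline in plain Python with no third-party libraries. It parses classic pcap records, walks Ethernet/IPv4/TCP headers, carves HTTP response bodies, classifies them by magic bytes and records a SHA-256 for each. The pcap it analyses is constructed inline (the `build_frame`/`build_pcap` helpers and the PNG stub are assumptions made for the demo); it handles single-packet responses only, so a real tool would add TCP stream reassembly before this step.

```python
import hashlib
import struct

# Constructed magic-byte table; a production tool carries hundreds of entries.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
}


def detect_signature(data):
    """File signature detection: classify a carved object by its leading bytes."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"


def hash_object(data):
    """Hash value for the evidence record (SHA-256 hex digest)."""
    return hashlib.sha256(data).hexdigest()


def parse_pcap(data):
    """Yield raw frames from a classic (non-pcapng) pcap, honouring its byte order."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24  # global header is 24 bytes
    while offset + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def tcp_payload(frame):
    """Return (src, dst, payload) for Ethernet II / IPv4 / TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # protocol field: 6 == TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    src = "%d.%d.%d.%d:%d" % (*ip[12:16], sport)
    dst = "%d.%d.%d.%d:%d" % (*ip[16:20], dport)
    return src, dst, tcp[data_off:]


def extract_http_objects(pcap_bytes):
    """Carve HTTP response bodies (single-packet only) and build evidence records."""
    records = []
    for frame in parse_pcap(pcap_bytes):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, dst, payload = parsed
        if not payload.startswith(b"HTTP/1."):
            continue
        _head, sep, body = payload.partition(b"\r\n\r\n")
        if not sep:
            continue
        records.append({
            "server": src, "client": dst, "size": len(body),
            "type": detect_signature(body), "sha256": hash_object(body),
        })
    return records


# --- constructed sample capture (assumption: not a real network trace) ---
def build_frame(src_ip, dst_ip, sport, dport, payload):
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed: PNG magic plus padding
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(PNG_STUB)) + PNG_STUB
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "192.168.1.10", 51000, 80,
                b"GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame("192.168.1.10", "10.0.0.5", 80, 51000, HTTP_RESPONSE),
])

if __name__ == "__main__":
    for rec in extract_http_objects(SAMPLE_PCAP):
        print(rec)
```

Each record already holds what an investigator wants to bookmark: the endpoints, the object type as identified from content rather than from the HTTP `Content-Type` header (which a server can set to anything), and a hash that lets the carved object be matched against known-file lists or verified later for integrity.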