
Category: Analyzers

Forensic analysis tools

  • Author: Tomáš Mokoš


NetworkMiner is a network forensic analysis tool (NFAT) for Windows operating systems. NetworkMiner can be used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports etc. NetworkMiner’s primary purpose is the collection of data about network hosts, rather than data about network traffic. In addition to capturing traffic directly, NetworkMiner can also parse PCAP files for off-line analysis and regenerate/reassemble transmitted files and certificates from them. This function can be used for extraction and archiving of media files transferred through the network. Supported file extraction protocols are FTP, SMB and HTTP. Extracted user credentials (username and password) for supported protocols can be found in the Credentials tab. Other useful features include keyword search in the captured/archived data and Nmap MAC vendor lookup.


Xplico is an open-source NFAT. The goal of Xplico is the extraction of application data contained in a capture of Internet traffic. For example, Xplico can export all e-mails (POP, IMAP and SMTP), HTTP contents, VoIP calls, FTP and TFTP files, etc.
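The host-centric, passive style of analysis that both NetworkMiner and Xplico perform on a PCAP (per-host MAC and vendor, hostnames, served ports, and the plaintext credentials the NetworkMiner Credentials tab lists) is illustrated below in an added Python example; it is not code from either project or from the original page. It assumes a classic little-endian pcap with Ethernet frames, reads only IPv4/TCP, and constructs its own OUI table and sample traffic inline so it runs offline. Checksums are zeroed in the constructed frames and not verified by the dissector, which is exactly what a passive tool sees when it cannot trust the capture to be pristine.

```python
"""Added example: passive host inventory from a PCAP, in the spirit of NetworkMiner/Xplico.

Assumptions (not from the original page): little-endian classic pcap, Ethernet link type,
IPv4/TCP only. The OUI table and the sample traffic are constructed inline.
"""
import socket
import struct
from collections import defaultdict

# Constructed OUI table standing in for an Nmap-style MAC vendor list (assumption).
OUI_VENDORS = {"aa:bb:cc": "ExampleCorp (constructed)", "de:ad:be": "DemoNet (constructed)"}


def build_pcap(frames):
    """Serialise (timestamp, raw Ethernet frame) pairs into pcap bytes (magic 0xA1B2C3D4, linktype 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame with zero checksums (the dissector below does not verify them)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def iter_frames(pcap):
    """Yield (ts_sec, frame) records; a truncated final record is dropped instead of raising."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4 or struct.unpack("<I", pcap[20:24])[0] != 1:
        raise ValueError("only little-endian pcap with Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # capture cut off mid-record
        yield ts, frame
        off += 16 + incl


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def dissect_tcp(frame):
    """Return (src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload) or None if not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total = struct.unpack("!H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]  # data offset is the high nibble of byte 12
    return (mac_str(frame[6:12]), mac_str(frame[0:6]), socket.inet_ntoa(frame[26:30]),
            socket.inet_ntoa(frame[30:34]), sport, dport, payload)


def inventory(pcap):
    """Per-IP host records plus plaintext credentials observed on the FTP control port."""
    hosts = defaultdict(lambda: {"macs": set(), "vendors": set(), "hostnames": set(), "ports": set()})
    creds, pending_user = [], {}
    for _, frame in iter_frames(pcap):
        parsed = dissect_tcp(frame)
        if parsed is None:
            continue
        smac, dmac, sip, dip, sport, dport, payload = parsed
        for ip, mac in ((sip, smac), (dip, dmac)):
            hosts[ip]["macs"].add(mac)
            hosts[ip]["vendors"].add(OUI_VENDORS.get(mac[:8], "unknown"))
        if payload:
            hosts[dip]["ports"].add(dport)  # naive heuristic: data sent toward a port means it is served
        text = payload.decode("ascii", "replace")
        if dport == 80 and text.startswith(("GET ", "POST ")):
            for line in text.split("\r\n")[1:]:
                if line.lower().startswith("host:"):
                    hosts[dip]["hostnames"].add(line.split(":", 1)[1].strip())
        elif dport == 21 and text.startswith("USER "):
            pending_user[(sip, dip)] = text[5:].strip()
        elif dport == 21 and text.startswith("PASS "):
            creds.append((dip, pending_user.pop((sip, dip), "?"), text[5:].strip()))
    return hosts, creds


# Constructed sample traffic: one HTTP request and one plaintext FTP login.
SAMPLE_PCAP = build_pcap([
    (1, build_frame("aa:bb:cc:00:00:01", "de:ad:be:00:00:02", "10.0.0.5", "10.0.0.80", 51000, 80,
                    b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n")),
    (2, build_frame("aa:bb:cc:00:00:01", "de:ad:be:00:00:03", "10.0.0.5", "10.0.0.21", 51001, 21, b"USER alice\r\n")),
    (3, build_frame("aa:bb:cc:00:00:01", "de:ad:be:00:00:03", "10.0.0.5", "10.0.0.21", 51001, 21, b"PASS s3cret\r\n")),
])

if __name__ == "__main__":
    hosts, creds = inventory(SAMPLE_PCAP)
    for ip, rec in sorted(hosts.items()):
        print(ip, sorted(rec["macs"]), sorted(rec["vendors"]), sorted(rec["hostnames"]), sorted(rec["ports"]))
    print("plaintext credentials observed:", creds)
```

The FTP branch is the point a defender should take from the Credentials tab: anything sent in clear over the wire is recoverable from a capture by design, so such a finding in NetworkMiner is a prompt to move the service to an encrypted protocol and rotate the exposed account, not merely to archive the result.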


Moloch – Specification of system load monitoring tools


  • Authors: Tomáš Mokoš, Marek Brodec


Version: 0.7.4

Nload is a console application which monitors network traffic and bandwidth usage in real time. The gathered statistics are displayed in two separate graphs (one for uplink and one for downlink). Nload also provides detailed information about the total amount of transferred data and the average, minimum and maximum transfer rate. We used this application in its simplest mode, nload followed by the interface name. There are, however, many display options and additional configuration options you can read about in the application’s man page ($ man nload).
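To make concrete what the uplink/downlink figures above are computed from, here is an added Python example (not nload's code and not from the original page) that derives current, average, minimum and maximum rate plus total transferred bytes per direction from successive /proc/net/dev samples, the same kernel counters a Linux bandwidth monitor reads. The samples are constructed inline; the Linux /proc/net/dev column layout and the 64-bit counter width are assumptions stated in the code, and the counter-wrap handling covers the case where a counter restarts from zero between two samples.

```python
"""Added example: nload-style bandwidth statistics from /proc/net/dev samples.

Assumptions (not from the original page): Linux /proc/net/dev layout (rx bytes is the
first counter, tx bytes the ninth) and 64-bit counters unless told otherwise.
"""
import os
import time


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from the text of /proc/net/dev."""
    counters = {}
    for line in text.splitlines()[2:]:  # first two lines are column headers
        if ":" not in line:
            continue
        iface, rest = line.split(":", 1)
        fields = rest.split()
        counters[iface.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def counter_delta(prev, cur, width=64):
    """Difference between two monotonically increasing counters, tolerating one wrap-around."""
    if cur >= prev:
        return cur - prev
    return (1 << width) - prev + cur


def bandwidth_stats(samples, interval, iface, width=64):
    """samples: consecutive /proc/net/dev texts taken `interval` seconds apart.

    Returns, per direction, current/avg/min/max rate in bytes per second and the total
    bytes moved over the window: the figures nload's uplink and downlink panes show.
    """
    parsed = [parse_proc_net_dev(s)[iface] for s in samples]
    if len(parsed) < 2:
        raise ValueError("need at least two samples to compute a rate")
    stats = {}
    for direction, idx in (("downlink", 0), ("uplink", 1)):
        rates = [counter_delta(parsed[i][idx], parsed[i + 1][idx], width) / interval
                 for i in range(len(parsed) - 1)]
        stats[direction] = {"current": rates[-1], "avg": sum(rates) / len(rates),
                            "min": min(rates), "max": max(rates),
                            "total": sum(r * interval for r in rates)}
    return stats


def kbit_per_s(bytes_per_s):
    """Bytes/s to kBit/s (1000-based), the unit nload displays by default."""
    return bytes_per_s * 8 / 1000


def sample(rx, tx):
    """Constructed /proc/net/dev text with a loopback line and one eth0 line."""
    return ("Inter-|   Receive                                                |  Transmit\n"
            " face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed\n"
            "    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0\n"
            f"  eth0: {rx} {rx // 1000} 0 0 0 0 0 0 {tx} {tx // 1000} 0 0 0 0 0 0\n")


# Three constructed samples one second apart: 2 kB then 6 kB received, 1 kB then 2 kB sent.
SAMPLES = [sample(100000, 50000), sample(102000, 51000), sample(108000, 53000)]

if __name__ == "__main__":
    if os.path.exists("/proc/net/dev"):
        # Live mode: two real samples one second apart for the first non-loopback interface.
        with open("/proc/net/dev") as f:
            first = f.read()
        iface = next(i for i in parse_proc_net_dev(first) if i != "lo")
        time.sleep(1)
        with open("/proc/net/dev") as f:
            second = f.read()
        live = bandwidth_stats([first, second], 1, iface)
        print(iface, {d: kbit_per_s(v["current"]) for d, v in live.items()}, "kBit/s")
    for direction, s in bandwidth_stats(SAMPLES, 1, "eth0").items():
        print(direction, {k: round(v, 1) for k, v in s.items()})
```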