What is NetworkMiner?
NetworkMiner is a network forensics tool developed by NETRESEC, designed to extract artifacts from network traffic. According to the vendor, this versatile tool is suitable for companies and organizations of various sizes, catering to a wide range of professionals and industries. It is said to be used by incident response teams, law enforcement agencies, network security professionals, forensic investigators, and IT security consultants.
Key Features
Live sniffing: According to the vendor, NetworkMiner can capture live network traffic by sniffing a network interface.
Parse PCAP files: NetworkMiner is claimed to be capable of extracting artifacts from captured network traffic in PCAP files.
Parse PcapNG files: The vendor states that NetworkMiner can parse PcapNG files to extract artifacts from network traffic.
Parse ETL files: NetworkMiner is said to have the ability to parse ETL files to extract artifacts from network traffic.
Network Packet Carver: According to the vendor, NetworkMiner includes a network packet carver feature.
IPv6 support: The vendor claims that NetworkMiner supports IPv6 in both the Free Edition and Professional version.
Extract files from various protocols: NetworkMiner is claimed to be able to extract files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP, and LPR traffic.
Extract X.509 certificates from SSL-encrypted traffic: According to the vendor, NetworkMiner can extract X.509 certificates from SSL-encrypted traffic such as HTTPS, SMTPS, IMAPS, POP3S, and FTPS.
Decapsulation of various protocols: NetworkMiner is said to be capable of decapsulating protocols such as GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS, EoMPLS, and ERSPAN.
Receive Pcap-over-IP: According to the vendor, NetworkMiner can receive Pcap-over-IP traffic.
Technical Details
Mobile Application: No




