NetworkMiner Network Forensics Analysis Tool

NetworkMiner is an open-source network forensics analysis tool designed for analyzing network traffic files. It offers features such as PCAP file management, host analysis, credential extraction, file extraction, and anomaly detection. The tool is useful for incident response, digital forensics, security monitoring, and training in network forensics techniques.


NetworkMiner: Network Forensics Analysis Tool


Analyze network traffic files for forensic investigation

Open-source traffic sniffer and protocol analyzer by Netresec

by JODIE ANNA DICIEMBRE


What is NetworkMiner?

Network Forensic Analysis Tool
Passive network sniffer without traffic generation

PCAP Analysis
Parse files offline and reassemble transmitted data

Artifact Extraction
Presents data in an intuitive interface
Managing PCAP Files

Load PCAP
Select file to analyze

Multiple Files
Files merge automatically

Remove Files
Right-click in Case Panel to remove
Host Analysis

IP Information
View all hosts in capture; detect duplicate MAC addresses

Traffic Statistics
Packets sent/received; data bytes transferred

Host Details
OS detection, open ports, server banners
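The host inventory described on this slide, as an added example that is not NetworkMiner's own code: it parses a constructed in-memory pcap, counts packets and bytes per IP (like the Hosts tab), and flags IPs seen behind more than one source MAC, which is the assumed meaning of "duplicate MAC" detection here.

```python
import struct
from collections import defaultdict

def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian pcap (constructed test data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    """Minimal Ethernet + IPv4 frame (checksum left at zero; fine for parsing)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + b"\x08\x00" + ip + payload

def analyze_hosts(pcap):
    """Return {ip: {"macs": set, "sent": n, "received": n, "bytes": n}} for every host seen."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    hosts = defaultdict(lambda: {"macs": set(), "sent": 0, "received": 0, "bytes": 0})
    off = 24  # skip the global pcap header
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # only IPv4 over Ethernet is handled in this example
        src_mac = data[6:12].hex(":")
        src_ip = ".".join(map(str, data[26:30]))
        dst_ip = ".".join(map(str, data[30:34]))
        hosts[src_ip]["macs"].add(src_mac)
        hosts[src_ip]["sent"] += 1
        hosts[src_ip]["bytes"] += len(data)
        hosts[dst_ip]["received"] += 1
    return dict(hosts)

def duplicate_mac_hosts(hosts):
    """IPs observed behind more than one source MAC: a common ARP-spoofing indicator."""
    return sorted(ip for ip, h in hosts.items() if len(h["macs"]) > 1)

# Constructed sample: a short HTTP exchange, then 10.0.0.1 reappearing from a second MAC.
SAMPLE = build_pcap([
    frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.1", "10.0.0.2", b"GET / HTTP/1.1\r\n"),
    frame("00:11:22:33:44:02", "00:11:22:33:44:01", "10.0.0.2", "10.0.0.1", b"HTTP/1.1 200 OK\r\n"),
    frame("de:ad:be:ef:00:01", "00:11:22:33:44:02", "10.0.0.1", "10.0.0.2"),
])
```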
Credential Extraction

Password Capture
Extract usernames and passwords from traffic

Authentication Details
View protocol-specific auth data

Hash Extraction
Capture NTLM and other hash formats
File Extraction

Reassembled Files
Extract files from network streams

File Metadata
View source/destination and frame numbers

Content Analysis
Examine extracted file contents
Message Analysis
Email Extraction
View sender, recipient, subject, content

Attachment Recovery
Extract files from messages

Timestamp Analysis
Chronological message ordering
Version Differences

Version 2.7
Detects duplicate MAC addresses

Version 1.6
Handles frames and packet details

All Versions
Core traffic analysis functionality
Anomaly Detection

Identify
Detect unusual patterns in traffic

Flag
Mark suspicious frames

Investigate
Analyze flagged content

Mitigate
Address security concerns
Practical Applications
Incident Response
Analyze compromised networks

Digital Forensics
Gather evidence from network traffic

Security Monitoring
Detect suspicious activities

Training
Learn network forensics techniques
