Network Device Forensics

Didier Stevens posted a video on his blog about Network Device Forensics.

The main part of the “Network Device Forensics” talk describes the “Network Appliance Forensic Toolkit”, aka NAFT. NAFT is an open source toolkit, written in Python, for analyzing memory dumps (core dumps) and firmware images taken from network devices.

The Network Appliance Forensic Toolkit consists of the following modules:

  1. naft-gfe.py: Network Appliance Forensic Toolkit – Generic Frame Extraction. This tool extracts frames from files (for example a memory dump) by searching for ARP frames and for IPv4 headers whose header checksum verifies, and stores the extracted frames in a PCAP file.
  2. naft-icd.py: Network Appliance Forensic Toolkit – IOS Core Dumps. This tool analyzes IOS core dumps. In this version of the tool, we assume the memory is not corrupted (e.g. no heap corruption).
  3. naft-ii.py: Network Appliance Forensic Toolkit – IOS Image. This tool analyzes IOS image files.
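The generic frame extraction described for naft-gfe.py is easy to reproduce in a few dozen lines, and doing so shows why the checksum test matters: a memory dump is full of bytes that happen to start with 0x45. The script below is an added example written for this post, not code from NAFT or from Didier Stevens. It scans a blob for IPv4 headers whose checksum verifies and for Ethernet frames carrying a sane ARP request or reply, then writes everything to a classic PCAP file. The sample “dump”, the packet builders, and the convention of prepending a zero-MAC Ethernet header to an IPv4 packet that has lost its link-layer header are assumptions made here; NAFT's own output format may differ.

```python
"""Carve IPv4 packets and ARP frames from a binary blob (e.g. a network
device memory dump) into a pcap file. Added example, not NAFT's code."""
import socket
import struct
from typing import List, Tuple

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
LINKTYPE_ETHERNET = 1
# Fixed 8-byte prefix of every IPv4-over-Ethernet ARP frame, starting at the
# EtherType field (frame offset 12): ARP, htype Ethernet, ptype IPv4, hlen 6, plen 4.
ARP_SIGNATURE = struct.pack("!HHHBB", ETHERTYPE_ARP, 1, ETHERTYPE_IPV4, 6, 4)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header. Over a header whose
    checksum field is already filled in, the result is 0 iff it verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def carve_ipv4(blob: bytes, max_len: int = 1500) -> List[Tuple[int, bytes]]:
    """(offset, packet) for every offset that parses as an IPv4 header with a
    sane IHL, a total length that fits in the blob and a verifying checksum."""
    found, i = [], 0
    while i + 20 <= len(blob):
        version, ihl = blob[i] >> 4, (blob[i] & 0x0F) * 4
        if version == 4 and ihl >= 20 and i + ihl <= len(blob):
            total_len = struct.unpack("!H", blob[i + 2:i + 4])[0]
            if (ihl <= total_len <= max_len and i + total_len <= len(blob)
                    and ip_checksum(blob[i:i + ihl]) == 0):
                found.append((i, blob[i:i + total_len]))
                i += total_len  # do not re-match headers inside this packet
                continue
        i += 1
    return found


def carve_arp(blob: bytes) -> List[Tuple[int, bytes]]:
    """(offset, frame) for every 42-byte Ethernet frame carrying an ARP request
    or reply; the operation field directly follows the signature."""
    found, pos = [], blob.find(ARP_SIGNATURE)
    while pos != -1:
        start = pos - 12
        if start >= 0 and start + 42 <= len(blob):
            oper = struct.unpack("!H", blob[pos + 8:pos + 10])[0]
            if oper in (1, 2):
                found.append((start, blob[start:start + 42]))
        pos = blob.find(ARP_SIGNATURE, pos + 1)
    return found


def frame_for_ipv4(blob: bytes, offset: int, packet: bytes) -> bytes:
    """Keep the real Ethernet header when the 14 bytes before the packet end in
    EtherType 0x0800, else prepend a zero-MAC one (assumed convention here)."""
    if offset >= 14 and blob[offset - 2:offset] == struct.pack("!H", ETHERTYPE_IPV4):
        return blob[offset - 14:offset] + packet
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + packet


def carve_frames(blob: bytes) -> List[Tuple[int, bytes]]:
    """Every carved frame, ordered by where it was found in the blob."""
    frames = [(off, frame_for_ipv4(blob, off, pkt)) for off, pkt in carve_ipv4(blob)]
    return sorted(frames + carve_arp(blob))


def build_pcap(frames: List[Tuple[int, bytes]]) -> bytes:
    """Classic pcap, LINKTYPE_ETHERNET. A dump carries no capture times, so the
    record timestamp is the blob offset, which at least preserves order."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for offset, frame in frames:
        out.append(struct.pack("<IIII", offset, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def carve_to_pcap(blob: bytes, path: str) -> int:
    """Carve blob into a pcap file at path; returns the number of frames written."""
    frames = carve_frames(blob)
    with open(path, "wb") as f:
        f.write(build_pcap(frames))
    return len(frames)


# --- constructed sample input (not a real dump) -------------------------------
def build_ipv4_packet(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 packet (20-byte header, no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def build_arp_request(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Broadcast Ethernet frame carrying an ARP request (42 bytes)."""
    return (b"\xff" * 6 + sender_mac + ARP_SIGNATURE + struct.pack("!H", 1)
            + sender_mac + socket.inet_aton(sender_ip)
            + b"\x00" * 6 + socket.inet_aton(target_ip))


_PKT = build_ipv4_packet("10.0.0.1", "10.0.0.2", b"hello")
_MAC_A, _MAC_B = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
SAMPLE_DUMP = (
    b"\xde\xad\xbe\xef" * 8                                  # heap junk (offset 0)
    + _PKT                                                    # bare IPv4 packet, no L2 header (offset 32)
    + b"\x00" * 17
    + _MAC_A + _MAC_B + struct.pack("!H", ETHERTYPE_IPV4) + _PKT  # full Ethernet frame (IP at offset 88)
    + b"\x7f" * 5
    + build_arp_request(_MAC_A, "10.0.0.1", "10.0.0.2")       # ARP request (offset 118)
    + _PKT[:8] + b"\x41" + _PKT[9:]                           # decoy: TTL bit flipped, checksum fails
    + b"\xff" * 9
)

if __name__ == "__main__":
    print("frames written:", carve_to_pcap(SAMPLE_DUMP, "carved.pcap"))
```

Run it and open carved.pcap in Wireshark: three frames appear (two UDP packets and one ARP request) and the decoy, which differs from a real packet by a single bit, is not among them. On a real dump, raise max_len to the device's MTU and expect some false positives from IPv4 headers whose checksum happens to verify by chance; the payload decoding in Wireshark is the second filter.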

You can find the “Network Device Forensics Talk” here.

More info about the Network Appliance Forensic Toolkit can be found here.