Free Network Forensic Tools Essay Sample
Network forensics is the process of capturing, recording, and analyzing the events transmitted over a network in order to establish, in a form acceptable to a court of law, evidence about the origin or source of a security attack. Network forensics differs from network security in that it deals with hunting down both the source and the results of an intrusion or attack event, rather than with preventing or stopping the disturbance or attack. As the number of people using the internet has increased, the number of internet-related crimes has been found to increase as well. Some of the illegal activities committed over the internet are identity theft and data theft. With this growth in internet use, network forensics has become an integral component of computer forensics, which deals with the gathering and scrutiny of data from computer systems, communication streams, storage media, and networks in a way that is acceptable in a court of law.
According to James, some of the tools to be discussed include: EmailTrackerPro, which identifies the physical location of the person who sent a given email; Web Historian, which reveals how long each visit to a website lasted as well as the files downloaded from and uploaded to the site; and Ethereal, which captures and scrutinizes the data exchanged between the different computers within a given network.
EmailTrackerPro examines the header of an email to identify the IP address of the machine from which the message was sent, so that the sender can be traced. This is possible because every email message carries a header, positioned at the top of the email. The header gives the origin of the message in the "From" line, while in the "Received" lines it lists every point the email passed through on its journey, each accompanied by an exact date and time. The header of a given message therefore provides an audit trail of every node it traversed. EmailTrackerPro has a built-in location database, which serves to track email messages to a country or region of the world, presenting the information on a world map.
To trace an email message, its header is copied and pasted into EmailTrackerPro and the trace is started. The resulting trace is displayed in the main graphical user interface, and a summary report is produced. This summary report supports a decision on whether to report misuse of the email address to the sender's administrators, and it may also contain important information for use during forensic analysis and investigation.
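The "Received" audit trail described above can be walked with a few lines of Python. This is an added example written for this essay, not EmailTrackerPro's code; the sample header, hostnames and addresses are constructed placeholders, and the hop-delay check is an assumption about what an investigator would look at next (relays are prepended top-down, so the lines are read bottom-up to follow the message from sender to recipient).

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample header (added example, not EmailTrackerPro output).
# Each relay prepends its own "Received:" line, so the topmost line is the
# final hop and the bottom line is the hop nearest the sender.
SAMPLE_HEADER = """\
Received: from relay2.example.net (relay2.example.net [203.0.113.7])
    by mx.example.org with ESMTP id abc123;
    Wed, 1 May 2024 10:03:12 +0000
Received: from relay1.example.net (relay1.example.net [198.51.100.5])
    by relay2.example.net with ESMTP id def456;
    Wed, 1 May 2024 10:03:08 +0000
Received: from sender-pc (unknown [192.0.2.44])
    by relay1.example.net with ESMTPA id ghi789;
    Wed, 1 May 2024 10:03:01 +0000
From: someone@example.com
Subject: hello

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\sby\s+(\S+)", re.IGNORECASE)


def received_trail(raw_message):
    """Return the hops sender-first: one dict per Received line."""
    msg = message_from_string(raw_message)
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        line = " ".join(line.split())  # unfold continuation lines
        ip, frm, by = IP_RE.search(line), FROM_RE.search(line), BY_RE.search(line)
        # The date stamp follows the last ';' of a Received line.
        stamp = parsedate_to_datetime(line.rsplit(";", 1)[-1].strip())
        hops.append({"from": frm.group(1) if frm else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "time": stamp})
    return hops


def hop_delays(hops):
    """Seconds between consecutive hops; a negative value means the relay
    clocks disagree or a line was inserted, which deserves a closer look."""
    return [(b["time"] - a["time"]).total_seconds()
            for a, b in zip(hops, hops[1:])]
```

Only the lines added by relays the investigator trusts are reliable; anything below the first trusted hop was supplied by the sending side and can be fabricated, which is why the timestamps and the from/by pairing are cross-checked hop by hop.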
Web Historian enables users to review the website URLs kept in the history files of the commonly used web browsers. This tool lets the forensic examiner find out what, where, how, and when intruders visited various sites. Web Historian can analyze a specific history file, or it can automatically search a given drive or folder and collect every browser history file it knows how to parse. Web Historian then generates its own report covering the internet activity recorded in all the browser history files it was able to find.
Ethereal is software that is widely used as a network packet analyzer. It captures packets live from the network. It displays the header information of all the protocols involved in carrying the captured packets. Ethereal can filter packets in or out according to the user's needs, and it allows packets to be searched for by given criteria. Ethereal makes the results easier to understand by colour-coding packets that belong to different protocols. It lets the user choose the interface on which packets are to be captured. While a capture is in progress, Ethereal shows the types of packets captured together with their protocols, such as Address Resolution Protocol (ARP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP).