A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs.
Similar to tcpflow which we mentioned recently.
A html index file is created that links to all the session details, including realtime replay programs for telnet, rlogin, IRC, X11 and VNC sessions; and reports such as image reports and HTTP GET/POST content reports. Chaosreader can also run in standalone mode – where it invokes tcpdump or snoop (if they are available) to create the log files and then processes them.
The cool thing about Chaosreader is that it outputs a nicely formatted HTML file to enable you to look at the extracted sessions a lot easier.
In this example, a snoop file was created while a website was loaded, telnet was used to login and ftp to transfer files. Chaosreader has managed to extract the HTTP sections, follow the telnet session, grab the FTP files, and create an Image Report from the snoop log. It has also created a replay program to playback the telnet session. You can see the example here.
You can find some more screenshots here.
You can download Chaosreader here:
You can read more here.
- Rekall – Memory Forensic Framework
- DAMM – Differential Analysis of Malware in Memory
- Malheur – Automatic Malware Analysis Tool
- Sysdig – Linux System Troubleshooting Tool
- Windows Credentials Editor v1.0 – List, Add & Edit Logon Sessions
- RWMC – Retrieve Windows Credentials With PowerShell
Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,214 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 33,262 views
- sslsniff v0.6 Released – SSL MITM Tool - 27,160 views