NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).
NetworkMiner has, since the first release in 2007, become popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
It’s been a long time since we last mentioned NetworkMiner, it was back in 2008 – NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows.
Now there’s a new version!
New in v1.1
The new version supports features such as:
- Extraction of Google Analytics data
- Better parsing of SMB data
- Support for PPP frames
- Even more stable than the 1.0 release
You can download NetworkMiner v1.1 here:
Or read more here.
Recent in Forensics:
- Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items
- Rec Studio 4 – Reverse Engineering Compiler & Decompiler
- CAINE (Computer Aided INvestigative Environment) – Digital Forensics LiveCD
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows
- Wireshark v1.0.0 Released – Cross Platform Graphical Packet Sniffer
- Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling
Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 65,396 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 27,969 views
- sslsniff v0.6 Released – SSL MITM Tool - 26,790 views