Open Source Network Forensic Analysis Tool (NFAT) 


DEFT 4

DEFT4 has arrived! In this release, there are many new features.
The new features of Xplico in DEFT 4 are:

  • console-mode Xplico execution
  • acquisition and processing in realtime (in console-mode)
  • access to every HTTP message. You can examine:
    • request header and body
    • response header and body
    • The request body of a POST can therefore be viewed
  • Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissectors you can view, in PDF format, the pages printed with printers that use PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (e.g. Zenographics ZJ-stream) are in development
  • viewing any video carried over HTTP with content-type “video/flv” extracted from a pcap file (e.g. YouTube video)
  • browsing all images transported in HTTP
  • improved display of Web pages extracted from a pcap file

Remember to run xplicostart from the Terminal and then launch Firefox with URL: http://localhost