Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.
Tags: Network Analysis, Forensics
Operating Systems: any system running Perl 5
Release Notes: Protocol name hashing has been moved to the configuration file xtract.conf. Various issues concerning link diagram generation have been resolved. A basic carver for exe files has been added, but has not been rigorously stress tested, so the authors would appreciate any feedback on it.