Network Forensics
Compare 28 network forensics tools to find the right one for your needs
Tools
Compare and find the best network forensics tool for your needs
Volatility Framework
An open-source framework for incident response and malware analysis that allows for the extraction of digital artifacts from volatile memory (RAM) samples.
NetworkMiner
An open-source tool for network forensics and traffic analysis that can extract files, emails, and other artifacts from PCAP files or live traffic.
Nmap
A free and open-source utility for network discovery and security auditing.
Security Onion
A Linux distribution for intrusion detection, network security monitoring, and log management.
Wireshark
A free and open-source packet analyzer used for network troubleshooting, analysis, and software and communications protocol development.
tcpdump
A free and open-source command-line utility for capturing and analyzing network traffic.
Suricata
An open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring (NSM) engine.
Paessler PRTG Network Monitor
A comprehensive network monitoring tool that monitors all the systems, devices, traffic, and applications in your IT infrastructure.
Mandiant Security Validation
A security validation platform that allows you to continuously measure, manage, and improve your cyber security effectiveness.
Autopsy
A free and open-source digital forensics platform that provides a graphical interface to The Sleuth Kit and other forensic tools.
Zeek
A powerful and flexible open-source network analysis framework that provides detailed logs of network activity.
Snort
An open-source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of real-time traffic analysis and packet logging.
LiveAction LiveWire
A solution for capturing and analyzing network packets to troubleshoot network and application performance issues and conduct security forensics.
Cisco Secure Network Analytics (Stealthwatch)
A network detection and response (NDR) solution that uses enterprise-wide network visibility and security analytics to detect and respond to threats in real time.
SolarWinds NetFlow Traffic Analyzer
A network traffic analysis tool that provides a comprehensive view of network traffic, allowing you to identify who and what is consuming your bandwidth.
ManageEngine NetFlow Analyzer
A web-based network traffic analysis tool that collects, analyzes, and reports on what your network bandwidth is being used for and by whom.
Splunk
A data platform that provides security information and event management (SIEM), observability, and IT solutions.
NetWitness NDR
A network detection and response (NDR) solution that provides real-time visibility into network traffic to detect and respond to threats.
Nagios Network Analyzer
A network traffic analysis tool that provides a detailed look at your network traffic and bandwidth utilization.
OSForensics
A digital forensics and e-discovery tool that allows you to extract and analyze digital evidence from computers, mobile devices, and other sources.
OpenText EnCase Forensic
A court-proven solution for digital forensics that enables examiners to acquire data from a wide variety of devices and conduct in-depth investigations.
Exterro FTK
A comprehensive digital forensics platform that provides processing and indexing of data upfront, so you can start your investigation sooner.
Xplico
An open-source network forensic analysis tool that reconstructs the contents of acquisitions performed with a packet sniffer.
CAINE
A Linux live distribution created as a digital forensics project, offering a complete forensic environment.
SANS SIFT Workstation
A collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations.
Bulk Extractor
An open-source tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The Sleuth Kit
A collection of command-line tools and a C library that allows you to analyze disk images and recover files from them.
Plaso
A command-line tool to extract timestamps from various files found on a typical computer system and aggregate them.