Xplico is an open source, GUI Network Forensics Analysis Tool (NFAT) that focuses on extracting artifacts from network and internet captures.
Captures of network and internet traffic can be obtained directly in Xplico using its live acquisition feature, but they can also be made with tools within Kali Linux such as Wireshark and Ettercap. These network acquisition files are saved as .pcap, or packet capture, files that are then uploaded to Xplico and decoded automatically by its IP decoder and decoder manager components.
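To make the decoding step concrete, here is an added example (not Xplico's own code, and not taken from this page) of the pipeline in miniature: a reader walks the records of a .pcap file, parses the Ethernet and IPv4 headers, and routes each packet to an application-protocol label the way a decoder manager hands packets to protocol-specific decoders. The capture bytes are constructed inline so the script runs offline; the port-to-protocol table is an assumption made for the example, since a real NFAT identifies protocols by inspecting the payload rather than trusting the port alone.

```python
"""
Minimal pcap reader that mimics, in miniature, what an NFAT's decoder manager does:
walk the packet records of a .pcap file, parse Ethernet/IPv4 headers, and hand
each packet to a protocol label chosen by IP protocol number and port.
Added example; not Xplico's code. The capture bytes below are constructed inline.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17

# Assumed well-known ports for the application protocols listed on the page.
APP_PORTS = {80: "HTTP", 21: "FTP", 69: "TFTP", 5060: "SIP",
             110: "POP", 143: "IMAP", 25: "SMTP"}


def build_pcap(packets):
    """Serialize raw Ethernet frames into a pcap byte string (constructed test data)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                    for i, p in enumerate(packets))
    return hdr + body


def build_frame(proto, src_port, dst_port, payload=b""):
    """Ethernet + IPv4 + TCP/UDP frame with the given ports (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4 + payload


def iter_records(data):
    """Yield (timestamp_sec, frame_bytes) for each record in a little-endian pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap magic or link type")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:       # truncated record: stop rather than misparse
            break
        off += incl_len
        yield ts_sec, frame


def decode_frame(frame):
    """Return (src_ip, dst_ip, transport, app) or None for non-IPv4/non-TCP/UDP frames."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4        # IPv4 header length in bytes
    proto = frame[23]                   # IPv4 protocol field
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    transport = "TCP" if proto == IPPROTO_TCP else "UDP"
    app = APP_PORTS.get(dport) or APP_PORTS.get(sport) or "unknown"
    return src, dst, transport, app


def summarize(pcap_bytes):
    """Count packets per (transport, app) pair, the way a decoder manager routes them."""
    counts = {}
    for _, frame in iter_records(pcap_bytes):
        d = decode_frame(frame)
        key = (d[2], d[3]) if d else ("other", "other")
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample capture: one HTTP request, one SMTP packet, one TFTP packet.
SAMPLE_PCAP = build_pcap([
    build_frame(IPPROTO_TCP, 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(IPPROTO_TCP, 40001, 25, b"EHLO example\r\n"),
    build_frame(IPPROTO_UDP, 40002, 69, b"\x00\x01file\x00octet\x00"),
])

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_PCAP).items()):
        print(f"{key[0]}/{key[1]}: {n} packet(s)")
```

Running the script prints one line per transport/application pair found in the constructed capture. The reader stops at the first truncated record instead of guessing, which is the behaviour you want from forensic tooling: a capture cut short by a crashed sniffer should be reported as incomplete, not silently misdecoded.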
Some of the protocols that we can investigate using Xplico include, but are not limited to:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Hypertext Transfer Protocol (HTTP)
- File Transfer Protocol (FTP)
- Trivial FTP (TFTP)
- Session Initiation Protocol (SIP)
- Post Office Protocol (POP)
- Internet Message Access Protocol (IMAP)
- Simple Mail Transfer Protocol (SMTP)
Data contained in network and internet packet captures, and...