NeSA is a network forensics tool to capture and analyze network traffic. Data sent through the network can be captured, recreated and exported using this tool. NeSA analyzes packets that have already been captured and stored. It can analyze traffic at the packet level as well as the data level. The processed information can be viewed in a multimedia display. Visualizing the data in different forms helps the analyst during analysis. NeSA can decrypt SSL sessions if the private key is available. Its features also include searching, filtering and packet dissection.
NeSA has a good Hex Viewer, which uses colors to indicate the direction of data communication. Regular expression based search is available to locate evidence and evidence-related items. The analysis state of a file can be saved, and the analysis can be resumed from that point at a later time.
Visualizing the data in different forms helps the analyst during analysis. The visual data can take the form of charts and graphs based on different criteria. The analyst can select which aspects of the data to visualize, for example by IP address or by protocol.
It is possible to decrypt SSL sessions if the private key is available. This is helpful in debugging network applications and in analyzing crimes where the private key of the SSL sessions is available.
NESA: Now Available
Loads pcap-formatted dump files and rebuilds TCP sessions.
Reconstructs files from HTTP, FTP, SMTP and POP3 packets.
Built-in Hex, Thumbnail, File and Mail views.
Powerful filter for filtering TCP sessions and packets.
Regular expression based search capability.
Supports port customization and time zone based analysis.