Hackers of India

Visual Network and File Forensics using Rudra

 Ankur Tyagi 

2016/08/06

Rudra aims to provide a developer-friendly framework for exhaustive analysis of pcap files (later versions will support more filetypes). It provides features to scan pcaps and generates reports that include pcap’s structural properties, entropy visualization, compression ratio, theoretical minsize, etc. These help to know type of data embedded in network flows and when combined with flow stats like protocol, Yara and shellcode matches eventually help an analyst to quickly decide if a test file deserves further investigation.