Zeek (formerly Bro)

Definition

An open-source network analysis framework that processes live traffic or PCAP files and produces structured per-session log files covering DNS, HTTP, SSL, file transfers, and connection metadata. Zeek does not store raw packets, making it better suited to high-volume monitoring than interactive packet inspection.

Related terms

Device profile
A vendor-maintained database entry describing how to communicate with a specific make, model, and firmware version of a mobile device. The profile...
Logical extraction
NIST SP 800-101 R1 Level 2 acquisition. Uses the OS-exposed backup APIs (Android ADB backup, iOS iTunes/Finder backup, MTP for media) to...
NIST CFTT
The National Institute of Standards and Technology Computer Forensics Tool Testing programme. It publishes independent test reports for digital forensic tools, including...
PCAP file
A packet capture file storing raw network frames in the libpcap format. PCAP files are the standard exchange format between network forensic...
Physical extraction
An acquisition method that reads the raw storage medium, producing a bit-for-bit image from which allocated and deleted data can both be...

Explained in

  • Mobile and Network Forensics Toolchains