NetWitness has released a free version of their Investigator product. This tool reads and parses a capture file and lets you slice and dice the data in all kinds of interesting ways. Basically, it can read a Wireshark or tcpdump capture file as a source and give you the ability to analyze it in great detail. Here is the link:
http://download.netwitness.com/
Here’s a quick and dirty YouTube vid on how it works:
http://www.youtube.com/watch?v=QDxTPYn2O2g
In fact, they’ve even got training vids on a YouTube channel dedicated to the Investigator product:
http://www.youtube.com/netwitness
Good Stuff.