Thursday, February 25, 2010

Packet Fun

Last week I started playing with NetWitness Investigator, a threat analysis app that makes it very easy to sort and drill down into packets when doing analysis. There's a freeware version (limited to 1 Gb pcaps in the demo and to local collections only). You can download it here. NetWitness runs on Windows or Linux, but the Linux version is available in the commercial version only.

So today I took a look at Mu Dynamics xtractr, a cloud app with similar capabilities. Their demo movie takes on a forensics challenge asking you to answer 8 questions about Ann's online activities. It's quite nifty. The movie is here, as well as a download link. xtractr runs on Linux distros and starts a Web server. Just point your browser at it. They do say Chrome or Firefox work well; IE not so much...

1 comment:

pcapr said...

Thanks for the reference, Jeff. Let us know if there are some cool new things you want us to add to xtractr. FYI, there's a Ruby RESTful API for xtractr as well:
