This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Extracting files

MichaelPochan
Beginner
Beginner

‎2016-10-24 04:33 PM

Is there a way to export files (attachments) from recreated events that doesn't involve having to download the attachments? We're looking for a way to extract reconstructed files from sessions and have them emailed to an address we can access on our dirty network for analysis. Is there any way to do this via scripts or NwConsole? Any information or suggestions would be welcome. #netwitness packets #download file #malware_analysis #malware #file export #email transport

1 REPLY 1

Anonymous
Not applicable

‎2016-10-25 11:19 PM

You could likely write a python script which extracts files from identified sessions using the REST API. 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.