Hi Folks, I recently recorded a few brief videos explaining the
Investigation module of NetWitness. They’re broken into 3 sections that
cover the Navigate View, Event View, and Profiles. Much like this blog
post, I tried to keep them as short as poss...

Great stuff Evan! Not sure if this should be forked into your script
globally but I added an additional option to your script removing the
IPv6 addresses from the puppet ip scraper since it created a few
additional entries in the output grep -i ipadd...

Hey Pranav, There are actually many different methods to extract pdfs
from network sessions. Depending on your version, likely the easiest way
is to drill into the session containing the pdf with Event
Reconstruction. Switch your view to View Files. ...

That depends on if your other Decoders capture the same traffic. If they
capture something completely different, it may not be necessary.
However, I always replicate all my app rules across Decoders. I wouldn't
call that a "best practice" because the...