NetWitness Investigator 9.7.5.9

A raw network data analysis application that relies on the power of WinPcap to capture packets and then performs real-time contextual analysis of the data
NetWitness Investigator gathers network data captured by the RSA NetWitness network-monitoring platform, providing the tools you need to analyze packets and identify potential threats that might affect the functionality of the interconnected computers.

Using the WinPcap capture driver, this application can identify all packets that are transmitted throughout your network. It also provides options for analyzing existing raw network data (PCAP, TCP, PCAP.GZ, TCP.GZ files).

The application can process the input file or the real-time captured data and generate complete security-related reports covering aspects such as the informational risk, hostname aliases, the source and destination addresses of each transferred packet, events and users, along with data on the connected computers (operating systems, languages, ports, network configurations, etc.). You can also view the Ethernet source and destination and IP addresses.

Each dataset or capturing session is saved as a separate 'collection' of data, allowing you to easily navigate and manage items.

NetWitness Investigator supports rules for packet capturing and file importing and allows you to configure custom actions (for instance, to look for data on Google or send it to a whois service). Data collections can be easily exported to your computer for later use.

The integrated bookmark manager enables you to quickly access desired sessions, while the 'History' section enables you to search for a previous collection. Provided you have Google Earth installed, you can display the capture locations and the traffic flow on a map.

To summarize, NetWitness Investigator helps you get an overview of the data that travels throughout the network, in an attempt to identify possible threats. Its intelligible GUI, along with its analysis capabilities, makes it a great tool for network administrators.

Reviewed by Mihaela Citea on January 27th, 2014


last updated on: January 31st, 2014, 8:17 GMT
file size: 131.5 MB
price: FREE!
developed by: NetWitness Corporation
license type: Freeware
operating system(s): Windows XP / Vista / 7 / 8 / 2003 / 2008
category: C: \ Network Tools \ Network Monitoring

softpedia rating: 3.5/5

10 Screenshots
  • NetWitness Investigator - You can read the content of the imported PCAP or TCP file using the main window of NetWitness Investigator.
  • NetWitness Investigator - Users can easily create a new local or a remote collection and import packet files to the current collection.
  • NetWitness Investigator - The 'Edit' menu allows you to set capturing and importing rules or configure custom actions.
What's New in version 9.0.5.1
  • New! 802.11 support
  • New! Right-click custom actions
  • New! Windows 7 support
  • Captures raw packets live from most wired or wireless interfaces

Application description

NetWitness Investigator is the award-winning interactive threat analysis application of the NetWitness NextGen pr...
