

I have successfully used NetworkMiner with other pcaps to extract all files, so your mileage may vary. This underscores the importance of testing your tools. However, NetworkMiner failed to automatically extract all the files that were being downloaded in the pcap file I was using. My plan was to contrast NetworkMiner's automated process against the more manual process of extracting files using Wireshark and a hex editor or the `foremost` command.

I like it because it automates the process.

I have used NetworkMiner a few times to recover malware from pcaps. When I started writing this post, my intention was to show off some of the capabilities of NetworkMiner for recovering files from network packet captures.
