Comments on: Network Forensics – Extracting audio, video and other binary data from capture files http://michaeldundas.com/2008/10/17/network-forensics-extracting-audio-video-and-other-binary-data-from-capture-files/ Precision, Integrity, Communication Fri, 30 Mar 2012 09:51:26 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Michael Dundas http://michaeldundas.com/2008/10/17/network-forensics-extracting-audio-video-and-other-binary-data-from-capture-files/comment-page-1/#comment-17 Michael Dundas Wed, 03 Dec 2008 22:28:00 +0000 http://clear2go.wordpress.com/2008/10/17/network-forensics-extracting-audio-video-and-other-binary-data-from-capture-files/#comment-17 Erik.<br/><br/>Thank you for the comment. I will review network miner. I like open source forensic tools and love seeing progress in their development and use. I also feel that is is important that individuals are armed with a detailed understanding of how things work, which can be a problem if it is just a 'tool' they use. Technical understanding is important especially for credibility in court or in front of a executive team. To say "I did this with product X" is one thing, but you get more credibility if you can explain that this is how it actually works, and how the product does it.<br/>-mike Erik.

Thank you for the comment. I will review network miner. I like open source forensic tools and love seeing progress in their development and use. I also feel that is is important that individuals are armed with a detailed understanding of how things work, which can be a problem if it is just a ‘tool’ they use. Technical understanding is important especially for credibility in court or in front of a executive team. To say “I did this with product X” is one thing, but you get more credibility if you can explain that this is how it actually works, and how the product does it.
-mike

]]> By: Erik http://michaeldundas.com/2008/10/17/network-forensics-extracting-audio-video-and-other-binary-data-from-capture-files/comment-page-1/#comment-16 Erik Wed, 03 Dec 2008 12:24:00 +0000 http://clear2go.wordpress.com/2008/10/17/network-forensics-extracting-audio-video-and-other-binary-data-from-capture-files/#comment-16 There is a much better application available for extracting transfered files from PCAP's. The tool is called <a HREF="http://networkminer.sourceforge.net" REL="nofollow">NetworkMiner</a> and is available at SourceForge.net.<br/><br/>There is also a description for how to go about in order to dump media files (video, music etc.) to disk without first creating a pcap file. The description is available at the <a HREF="http://networkminer.wiki.sourceforge.net" REL="nofollow">NetworkMiner wiki</a>:<br/><br/><a HREF="http://networkminer.wiki.sourceforge.net/save+media+files" REL="nofollow">http://networkminer.wiki.sourceforge.net/save+media+files</a><br/><br/>NetworkMiner is, however, a Windows application. But you can run it under *nix OS's by using Wine. Check this blog post out: <a HREF="http://geek00l.blogspot.com/2008/12/drunken-monkey-running-network-miner.html" REL="nofollow">Drunken Monkey: Running Network Miner with Wine</a> There is a much better application available for extracting transfered files from PCAP’s. The tool is called NetworkMiner and is available at SourceForge.net.

There is also a description for how to go about in order to dump media files (video, music etc.) to disk without first creating a pcap file. The description is available at the NetworkMiner wiki:

http://networkminer.wiki.sourceforge.net/save+media+files

NetworkMiner is, however, a Windows application. But you can run it under *nix OS’s by using Wine. Check this blog post out: Drunken Monkey: Running Network Miner with Wine

]]>