Post Tue Feb 17, 2009 12:17 pm

NetWitness Investigator 8.6 SP1 Released

SP1 of 8.6 AKA is out. Not sure what is different between this and the previous version .9, since there's no clear changelog. That notwithstanding, here's the quote from the download page:

Release Date: 2/11/2009
Version: 8.6 SP1
File Size: 88.2MB

Product Features:

*Captures raw packets live from most wired or wireless interfaces
*Imports packets from any open-source, home-grown and commercial packet capture system (e.g. .pcap file import)
*License supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark
*Real-time, patented layer 7 analytics
     – Effectively analyze data starting from application layer entities like users, email, address, files, and actions.
     – Infinite, free-form analysis paths
     – Content starting points
     – Patented port agnostic service identification
*Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)
*IPv6 support
*Full content search, with Regex support
*Exports data in .pcap format
*Bookmarking & history tracking
*Integrated GeoIP for resolving IP addresses to city/county, supporting Google® Earth visualization
*NEW! SSL Decryption (with server certificate)
*NEW! Interactive time charts, and summary view
*NEW! Interactive packet view and decode
*NEW! Hash PCAP on Export
*NEW! Enhanced content views
*NEW! Now supports Org, Domain, and ISP databases

Minimum system requirements:

NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:

*Windows® XP, 2003 Server, or Vista 32-bit
*Single 2GHz Intel-based processor (dual-core recommended)
*1GB RAM (2GB recommended)
*1 Ethernet Port
*Internet Explorer v7+ (IE v6.x may limit some functionality)
*Ample data storage for collected data
*Note: Linux infrastructure available in commercial versions

This is an awesome program. Definitely worthy of your time. I'd be interested to see what you think of it, and whether you'd consider replacing Wireshark with it. Of course this would just be on the Windows side, as Linux versions are only available with the commercial version. But a worthy question nonetheless.

Last edited by don on Tue Feb 17, 2009 3:18 pm, edited 1 time in total.