You can use NetworkMiner in order to extract files transfered over HTTP, FTP, TFTP and SMB. If you are planning on doing WiFi forrensic you would however also need one (or several) AirPcap adapters from CACE Technologies.
Another good thing (at least in my oppinion) with NetworkMiner is that it is designed to run under Microsoft Windows.
http://networkminer.wiki.sourceforge.net/NetworkMiner
You can use NetworkMiner in order to extract files transfered over HTTP, FTP, TFTP and SMB. If you are planning on doing WiFi forrensic you would however also need one (or several) AirPcap adapters from CACE Technologies.
Another good thing (at least in my oppinion) with NetworkMiner is that it is designed to run under Microsoft Windows.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1884/1129#1129