[Snort-users] Automated File Carving?

Jefferson, Shawn Shawn.Jefferson at ...14448...
Wed Aug 8 14:13:41 EDT 2012


Not specifically Snort related, but I thought this might be a good place to ask first.

I have Snort IDS sensors, with full packet capture (OpenFPC), and Stream capture (StreamDB), and one-click access to these via customized BASE.  One extra thing I find myself wanting is automated file carving... sometimes I want to see the actual file downloaded (be it a PDF, or executable).  I would prefer to have one-click access to this, so I was wondering if there is anything that will automatically carve files out and store them for easy retrieval?  BroIDS maybe?
