[Snort-users] Automated File Carving?
Shawn.Jefferson at ...14448...
Wed Aug 8 14:13:41 EDT 2012
Not specifically Snort related, but I thought this might be a good place to ask first.
I have Snort IDS sensors, with full packet capture (OpenFPC), and Stream capture (StreamDB), and one-click access to these via customized BASE. One extra thing I find myself wanting is automated file carving... sometimes I want to see the actual file downloaded (be it a PDF, or executable). I would prefer to have a one-click access to this, so I was wondering if there is anything that automatically will carve files out and store them for easy retrieval? BroIDS maybe?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users