Use TcpFlow to get Docs from Wiretraces

I have used other carvers before.  But this looks pretty easy to do.  I’ll have to try it out with a trace someday.

http://isc.sans.edu/diary/tcpflow+1.4.4+and+some+of+its+most+Interesting+Features/17408

This entry was posted in Security. Bookmark the permalink.