Investigator Freeware

Release Date: 3/16/2012
Version: 9.7.5.4
File Size: 137.9MB
NetWitness® Investigator is the award-winning interactive threat analysis application of the NetWitness enterprise network monitoring platform. Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data.
You need to know everything that is happening on your network and have the power to drill into network and application layer session attributes on the fly and get answers to any question that might arise regarding an emerging threat. NetWitness Investigator is the only product that gives you the deep knowledge contained in full packet capture and session analysis and the capability to move mountains of data and obtain actionable intelligence in just a few easy clicks.
Get started by viewing a video introduction to NetWitness Investigator.
Also view our YouTube Channel or a FREE Advanced Training Webcast to learn about the latest features and advanced capabilities like FlexParse. Click here to watch the training Webcast.
NetWitness Investigator supports NetWitness® Live, an online, 24x7 data service that provides immediate access to real-time threat intelligence. Freeware users are provided access to daily threat intelligence from the SANS Internet Storm Center, the Department of Treasury and select NetWitness content helpful in identifying the latest network threats.
EULA Notice: NetWitness Investigator Freeware has an annual renewable license, as defined in the Investigator Freeware EULA. One year from the activation date, all users will be prompted through the application to log in to the registration portal and validate registration information. Simply use your community user credentials (as an existing account) and follow the on-screen instructions to continue to leverage the award-winning NetWitness Investigator that thousands of security professionals depend on every day.
- 802.11 support
- Right-click custom actions
- Windows 7 support
- Captures raw packets live from most wired or wireless interfaces
- Imports packets from any open-source, home-grown and commercial packet capture system (e.g. .pcap file import)
- License supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark
- Real-time, patented layer 7 analytics
- Effectively analyze data starting from application layer entities like users, email, address, files, and actions.
- Infinite, free-form analysis paths
- Content starting points
- Patented port agnostic service identification
- Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, etc.)
- IPv6 support
- Full content search, with Regex support
- Exports data in .pcap format
- Bookmarking & history tracking
- Integrated GeoIP for resolving IP addresses to city/county, supporting Google® Earth visualization
- SSL Decryption (with server certificate)
- Interactive time charts, and summary view
- Interactive packet view and decode
- Hash PCAP on Export
- Supports Org, Domain, and ISP databases
- Supports NetWitness Live Threat Intelligence
- Supports VLAN meta tagging
- Supports IP Tunnel (i.e. GRE) meta tagging
Minimum System Requirements
NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:
- Windows® XP, 2003 Server, Vista, or 7 (32/64-bit)
- Single 2GHz Intel-based processor (Dual-core recommended)
- 1GB RAM (2GB recommended)
- 1 Ethernet Port
- Internet Explorer v7+ (IE v6.x may limit some functionality)
- Ample data storage for collected data
- Note: Linux infrastructure available in commercial versions
