Investigator
How do you resolve alerts from your IDS or SIM that you do not understand?
Can you quickly understand the scope and impact of malicious activity on your network?
How can you investigate who is leaking information to your competitors or the press?

NetWitness® Investigator is a Windows-based software application that provides fast, efficient, free-form contextual analysis of terabytes of raw data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by law enforcement, defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.

With its user interface and analytics, Investigator lets you see your network traffic in a new way. Rather than presenting traffic in low-level network nomenclature, Investigator uses a lexicon of nouns, verbs and adjectives – characteristics of the actual application layer protocols that NextGen parses during session reconstruction.

Both novice and expert users can use Investigator to pivot easily through terabytes of network traffic and dive deeply into the context and content of network sessions in real time, turning threat analysis that once took days into a job of minutes. It is this intersection of network metrics, rich application flow, and content information that differentiates NetWitness® products from any other capability on the market today.

In addition to the rich data Investigator receives from the NextGen infrastructure of NetWitness Decoders and Concentrators, Investigator can locally capture live traffic and process packet files from virtually any existing network collection device for quick and easy analysis.

Product Features:

  • Real-time, Patented Layer 7 Analytics
         – Effectively analyze data starting from application layer entities like users, email addresses, files, and actions.
         – Infinite, free-form analysis paths
         – Content starting points
         – Patented port agnostic service identification
  • Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)
  • IPv6 support
  • Captures live from any wired or wireless interface
  • Full content search, with Regex support
  • Exports data in .pcap format
  • Imports packets from any open-source, home-grown or commercial packet capture system (e.g. .pcap file import)
  • Bookmarking & History Tracking
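The lexicon described above (users, addresses, files and actions as pivot keys), together with the port-agnostic service identification and regex content search in the feature list, can be illustrated with a small script. This is an added example written for this page; it is not NetWitness code and does not reproduce NetWitness's parsers or patented methods. The sessions, service signatures and metadata keys are constructed for illustration, and the payloads are given already reassembled rather than read from a .pcap.

```python
import re
from collections import defaultdict

# Constructed sample sessions (hypothetical, not real captures): (session id, server port, reassembled payload).
# Session 2 is plaintext HTTP on 8443 and session 4 is SSH on 2222, to show classification by content, not port.
SESSIONS = [
    (1, 80,   b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.0\r\n\r\n"),
    (2, 8443, b"POST /upload HTTP/1.1\r\nHost: drop.example.net\r\nUser-Agent: Mozilla/5.0\r\n\r\nfile=report.xlsx"),
    (3, 25,   b"220 mail.example.com ESMTP\r\nEHLO client\r\nMAIL FROM:<alice@corp.example>\r\n"
              b"RCPT TO:<reporter@press.example>\r\n"),
    (4, 2222, b"SSH-2.0-OpenSSH_9.3\r\n"),
    (5, 443,  b"\x16\x03\x01\x00\x50\x01\x00\x00\x4c\x03\x03" + b"\x00" * 32),
]

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
FILE_RE = re.compile(r"\b[\w-]+\.(?:xlsx|docx|pdf|zip|exe)\b", re.I)


def identify_service(payload: bytes) -> str:
    """Classify a session from its first bytes, ignoring the TCP port it ran on (simplified signatures)."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: content type 22 (handshake), version major 3, first handshake message type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1."):
        return "http"
    if payload.startswith(b"220 ") or b"\r\nEHLO " in payload or b"\r\nHELO " in payload:
        return "smtp"
    return "unknown"


def extract_meta(service: str, payload: bytes) -> dict:
    """Turn a session into analyst-facing terms: actions (verbs), hosts, clients, files, addresses (nouns)."""
    text = payload.decode("latin-1")      # lossless for arbitrary bytes
    meta = defaultdict(list)
    if service == "http":
        m = re.match(r"([A-Z]+) (\S+) HTTP/1\.[01]", text)
        if m:
            meta["action"].append(m.group(1))
            meta["path"].append(m.group(2))
        for header, key in (("Host", "host"), ("User-Agent", "client")):
            h = re.search(rf"^{header}: (.+?)\r?$", text, re.M)
            if h:
                meta[key].append(h.group(1))
    elif service == "smtp":
        meta["email.from"] += re.findall(r"MAIL FROM:<([^>]+)>", text)
        meta["email.to"] += re.findall(r"RCPT TO:<([^>]+)>", text)
    elif service == "ssh":
        m = re.match(r"SSH-[\d.]+-(\S+)", text)
        if m:
            meta["client"].append(m.group(1))
    # Cross-protocol nouns: any e-mail address or interesting filename, wherever it appears
    meta["email"] += EMAIL_RE.findall(text)
    meta["filename"] += FILE_RE.findall(text)
    return {k: v for k, v in meta.items() if v}


def build_index(sessions):
    """Return per-session metadata and an inverted index (key, value) -> session ids for pivoting."""
    records, index = {}, defaultdict(set)
    for sid, port, payload in sessions:
        service = identify_service(payload)
        meta = extract_meta(service, payload)
        meta["service"] = [service]
        meta["port"] = [str(port)]
        records[sid] = meta
        for key, values in meta.items():
            for value in values:
                index[(key, value)].add(sid)
    return records, index


def pivot(index, key: str, value: str) -> list:
    """Drill into every session carrying a given metadata value."""
    return sorted(index.get((key, value), ()))


def content_search(sessions, pattern: str) -> list:
    """Regex search over raw session content, independent of the parsed metadata."""
    rx = re.compile(pattern.encode("latin-1"))
    return sorted(sid for sid, _, payload in sessions if rx.search(payload))


if __name__ == "__main__":
    records, index = build_index(SESSIONS)
    for sid, meta in records.items():
        print(sid, meta)
    print("http sessions regardless of port:", pivot(index, "service", "http"))
    print("sessions naming the press address:", pivot(index, "email", "reporter@press.example"))
    print("sessions carrying a spreadsheet:", content_search(SESSIONS, r"\.xlsx\b"))
```

The point of the inverted index is the pivot: an analyst starts from a noun such as an e-mail address or a filename, not from a port or an IP, and lands on the sessions that carry it, whatever protocol or port they used. Signature-based service identification is what makes the "http" pivot include the session on 8443; a port-based classifier would have missed it.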

Choose your Edition:
No matter what your IT problem, existing infrastructure, or technology preference, there's an edition of NetWitness® Investigator that's right for you. Use the descriptions below to help you choose your edition.

  • Investigator Field Edition
    Investigator Field Edition is a full-featured, stand-alone product capable of local live capture and local packet file import. It is ideal for tactical and point analysis of network traffic. Importing and capture are limited to 25GB per case, with unlimited cases.

  • Investigator Field Edition Advanced
    An expanded version of Field Edition, Field Edition Advanced is ideal for users who need to examine very large amounts of local data or who require a longer duration of live capture. Importing and capture are limited to 500GB per case, with unlimited cases.

  • Investigator Client
    Licensed to customers with a NetWitness NextGen™ infrastructure, Investigator Client is ideal for multiple enterprise users who require remote analytical access to NetWitness NextGen™ systems. Importing is limited to 10GB per case, with unlimited cases. Local live capture is not supported.

Deployment:
NetWitness Investigator is licensed per computer host. It can process packet files locally or capture live from a network tap or SPAN port, giving insight into the network traffic of your choice. In addition, Investigator is fully integrated with all NetWitness NextGen™ products.

Screenshots:

  • Navigation – Pivot and drill into multiple dimensions of traffic across all network layers.
  • Event View – View complete details about suspect network sessions with full content previews.
  • Content Search – Search network session content via a Google®-like interface that supports regular expressions.

Minimum system requirements:
NetWitness recommends the following minimum system requirements for NetWitness Investigator.

  • Windows® XP, 2003 Server, or Vista
  • Single 3 GHz Intel-based processor (dual-core recommended)
  • 1GB RAM (2GB or more recommended)
  • 1 Ethernet Port
  • Internet Explorer v6+
  • Ample data storage for collected data

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Investigator and other NetWitness NextGen™ products.
