NetWitness Investigator Free edition v8.6 : the tactical network analyzer

Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.


  • NEW! SSL Decryption (with server certificate)
  • NEW! Interactive time charts, and summary view
  • NEW! Interactive packet view and decode
  • NEW! Hash Pcap on Export
  • NEW! Enhanced content views
  • Real-time, Patented Layer 7 Analytics
  • Effectively analyze data starting from application layer entities like users, email, address, files , and actions.
  • Infinite, free-form analysis paths
  • Content starting points
  • Patented port agnostic service identification
  • Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)
  • IPv6 support
  • Captures live from any wired or wireless interface
  • Full content search, with Regex support
  • Exports data in .pcap format
  • Imports packets from any open-source, home-grown and commercial packet capture system(e.g. .pcap file import)
  • Bookmarking & History Tracking
  • Integrated GeoIP for resolving IP addresses to city/county, supporting Google Earth visualization

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Related Articles

Data Mining
NetWitness Investigator