There are some exciting new enhancements to NetWitness coming with the release of 9.5 in early August.  One of the most compelling areas we have been working on is in content extraction.  If there is a single use-case that I see at almost all of our best client sites, it would be the extraction and analysis of malware.  Another very common use case is the collection and analysis of certain types of content, such as executables, PDF files, and other documents.  In many cases, the second is to facilitate the first.

Well, we listen.  We decided getting at any piece of content should be easy.  And we did it the way we always do it – at enterprise scale and speed.  In the end, exporting anything from NetWitness is as much as 10 or 20 times faster in 9.5 than in 9.0, all while EASING the burden on capture.

Once we had such immediate access to content, we began exploiting that access.  What follows is a quick demo of two of the many enhancements in 9.5.  Content exporting through NetWitness Investigator, and the new NetWitness Visualize.  For those customers interested in content extraction, and even our freeware community, exporting any type of file – or indeed ALL files – from network captures could not be easier.

The Export Files dialog in Investigator

For our enterprise customers, NetWitness Visualize is something we have wanted to create since the very early days of NetWitness.  People who have seen Visualize frequently bring up references to that Tom Cruise movie Minority Report.  The product does not ship with a pool full of hairless psychics, but the perspective that Visualize can provide is something I think is unique to our industry. 

Visualize Screenshot

What follows is a very quick demo:

NetWitness Visualize and Content Extraction Demo

We really recommend that you watch the video first, before checking out our demonstration site:

http://visualize.netwitness.com

If you would like to see Visualize in action before the release – find us at Blackhat 2010 in Las Vegas next week!