Visualize and Content Enhancements


There are some exciting new enhancements to NetWitness coming with the release of 9.5 in early August.  One of the most compelling areas we have been working on is in content extraction.  If there is a single use-case that I see at almost all of our best client sites, it would be the extraction and analysis of malware.  Another very common use case is the collection and analysis of certain types of content, such as executables, PDF files, and other documents.  In many cases, the second is to facilitate the first.

Well, we listen.  We decided getting at any piece of content should be easy.  And we did it the way we always do it – at enterprise scale and speed.  In the end, exporting anything from NetWitness is as much as 10 or 20 times faster in 9.5 than in 9.0, all while EASING the burden on capture.

Once we had such immediate access to content, we began exploiting that access.  What follows is a quick demo of two of the many enhancements in 9.5: content exporting through NetWitness Investigator, and the new NetWitness Visualize.  For those customers interested in content extraction, and even our freeware community, exporting any type of file – or indeed ALL files – from network captures could not be easier.

The Export Files dialog in Investigator

For our enterprise customers, NetWitness Visualize is something we have wanted to create since the very early days of NetWitness.  People who have seen Visualize frequently bring up references to that Tom Cruise movie Minority Report.  The product does not ship with a pool full of hairless psychics, but the perspective that Visualize can provide is something I think is unique to our industry. 

Visualize Screenshot

What follows is a very quick demo:

NetWitness Visualize and Content Extraction Demo

We really recommend that you watch the video first, before checking out our demonstration site:

http://visualize.netwitness.com

If you would like to see Visualize in action before the release – find us at Blackhat 2010 in Las Vegas next week!

UpdateKernel / Kneber Government Attacks


This is a significant percentage of the related government activity we mentioned with the release of the report.  Much of this is ongoing, and there are dozens of similar operations.  Credit where credit is due: Nart Villeneuve, from SecDev.cyber, has a great write-up on the targeted government attacks here:

www.infowar-monitor.net

If you have recently heard of the North Korean nuclear spear phish…  same guys.

Tutorial Video – now in HD


I am not sure anyone can really understand how hard it is to make a computer tutorial video that looks even remotely watchable on YouTube.  It took quite a few tries to figure out how far I needed to zoom in to make it readable at a resolution that was cutting edge in 1992.

In my searches for options, I stumbled on ViddYou.  Consider it a YouTube clone that will allow HD content for about 3 dollars a month.  The tutorial is now there as well – in a much clearer format.