Reconstructing the Data Stream |
|
Observer’s data stream reconstruction feature is ideal for network forensics, allowing you to proactively enforce corporate IT usage policies. This is because Observer not only shows what communications took place, it can also reconstruct the data stream–providing hard evidence of phone conversations, web pages (including images), instant messages, and e-mails. Before reconstructing these communications, you must first capture the data stream. For any other probe, this requires a standard packet capture. With the GigaStor, all you have to do is select a time period you would like to investigate. |
|
Once the data stream is captured, select Decode. Then click the Expert tab and the TCP Events button. To reconstruct a web page, right-click on any site address and select “Stream Reconstruction”. |
 |
The Stream Reconstruction contains a summary of web traffic activity, with a link to the actual web page html data that was downloaded. |
 |
Clicking the link “tempfile.htm” will reconstruct the web page, including images. |
 |