Proj X8: Finding Items with NetWitness (15 pts.)

Getting the PCAP File

Doanload this file and save it:


Verify the MD5 hash of the file. The correct value is 45094695ea765c54bfe80393d2d68f24.


Load the captured packets into NetWitness.

Find these items, and save an image of your whole desktop when you do.

FTP Download

Find an FTP download of a ZIP file.

Save an image like this one, showing the name of the downloaded file.

Yahoo Search

Find reconstructed Yahoo search page.

Save an image like this one, showing the term which was searched for.

Gear Image

Find this image that was viewed in a reconstructed page. Your image should have some writing in the lower left corner which has been redacted from my sample image below.

Turning in Your Project

Email the images to with a Subject line of Proj X8 from Your Name. Send a Cc: to yourself.

Last modified 4-18-13 6:36 am