Corporations, military, and government organizations are creating massive repositories of network traffic in various forms, including Pcap (packet capture) files, mail archives, IM archives, and line-rate packet captures. These repositories are used for security forensics, lawful intercept, business intelligence, and legal artifacts. They can be very large and contain both networking attributes and content information. Networking attributes are protocol details that describe the genetic nature (network footprints) of the sessions. The content can include actual conversations, files, voice dialogs, pictures, and any other human interpretable information contained in the sessions. Furthermore, there are typically social relationships between many or all of the sessions in the repository. These include, for example, who is talking to who, common web servers, common mail servers, common information, and conversation threads.
Much of the information shared between two parties is not stored on disk. For example, web based conversations, phone calls, cut and paste transfers, social networking tasks, and any web based application that is not logged locally.
It would thus be desirable to provide methods, systems and computer program code (software) products that enable full search access to all of these operations, including any data that is stored locally or remotely.
Aspects, examples, and practices of the invention will next be described in greater detail in the following Detailed Description of the Invention, in conjunction with the attached drawing figures.