Wiretapping, including interception and recording of communications, can be quite useful in investigations by governmental agencies such as law enforcement, as well as private investigative agencies. Although originally developed to intercept analog telephonic communications, more recently agencies have discovered that wiretapping can also be useful in intercepting message packets transmitted by a computer or other packet source device, or received by another computer or other packet destination device, over, for example, a digital data network such as the Internet, World Wide Web, or the like.
Message packets may contain a variety of types of information in a variety of different formats. For example, message packets may contain information in textual form, information that defines an image, information that defines a Web page, or other types of information as will be appreciated by those skilled in the art. Textual information may be in plain text form or in a format that is used by a word processing program. Textual information may also be in a format such as that defined by, for example, the HyperText Markup Language (“HTML”), which is used to defined a Web page. Information that defines an image may be in any of a number of formats, including the well-known bitmap, GIF (Graphics Interchange Format),JPEG (Joint Photographic Experts Group), and MPEG (Motion Picture Experts Group) formats, the first three being used for still images and the last being used for moving images. Message packets may also contain audio files, which are intended to be played by the device that receives the respective message packets, in any of a number of formats, including the well-known MP3 (MPEG version 3), RM (Real Media) formats.
The information in a message packet may also be compressed using, for example, the well known ZIP compression methodology, or any of a number of other well-known compression methodologies. Alternatively or in addition, the information may be encoded using, for example, the well-known UUENCODE encoding methodology, which converts binary data to ASCII characters, which can, for example, be sent in Email, or using any of a number of other well-known encoding methodologies. In addition, the information may be encrypted using any of a number of well-known encrypting methodologies.
Given the wide variety of types of information that may be contained in message packets that have been intercepted during a wiretap session, it is often difficult to efficiently recognize the content of message packets and information streams contained in a series of message packets associated with a particular connection.