Hi all,
Actually I am planning one complete analysis system(long term) for detecting and tracing malware and other threats, it can do:
1, live capture full-content network(up to several GBs)
2, and extract files and contents from traffic, specially these contents in http, ftp, email traffic
3, and send these contents to local sandbox, or to remote sandbox service, for checking them; or check them against external threat intelligence.
Could you help recommend some tools for the above jobs?
I do need the experience, suggestion and comment from you all.
Thank you !
Regards,
John