ExtraHop Packet Forensics

ExtraHop Packet Forensics provides continuous, always-on full packet capture (PCAP) across on-premises and cloud network environments. The solution enables security and network operations teams to conduct forensic investigations by capturing network traffic data for analysis and evidence collection. The product offers access to metrics, records, and packets through an integrated investigation workflow. It includes a built-in packet viewer with file carving capabilities, eliminating the need for multiple separate tools during packet analysis. The platform indexes and makes searchable detections, transaction records, and packets to support root-cause analysis. ExtraHop Packet Forensics supports hybrid cloud environments and provides decryption capabilities for encrypted traffic, including TLS 1.3 Perfect Forward Secrecy. The solution tracks exploited assets and compromised data to help determine the scope of security incidents. Storage can be extended modularly up to petabytes using high-density storage units. The platform integrates with the RevealX NDR solution and supports chain-of-custody evidence collection requirements. It provides visibility into zero trust environments through SSE integrations and decryption features. The solution aims to reduce mean time to innocence (MTTI) for troubleshooting application and network performance issues.