Skip to main content
Skip table of contents

Download File Attachments from Captured Sessions

You can download reconstructed file attachments from a captured session for further investigation. For example, you might need to review files that were sent to and received by a specific user for legal matters.

Single files are downloaded in their original format. If a session contains multiple files, the files are downloaded in a .zip archive. The archive is named according to the date and time the request is submitted. Depending on your browser settings, reconstructed files are saved to your default download location, or you can specify a location and optional file name.

If your browser blocks automatic downloads of potentially dangerous files, you need to configure the browser to prompt you for the location of all downloaded files.

When you request a download, NetMon displays status and progress in a pop-up dialog box. The final results of the request are indicated in the same dialog.

Please note the following restrictions and precautions regarding the use of NetMon for downloading reconstructed files from captured sessions:

  • Attachments could be corrupted or incomplete, or could contain malware. Always use caution when reconstructing and opening attachments.
  • File reconstruction is currently limited to SMTP attachments.
  • NetMon cannot reconstruct files if an existing file request is in progress—jobs cannot run simultaneously.
  • If a user cancels a file reconstruction request in progress, the system might not be able to reconstruct any additional files for several minutes.
  • Some attachments could be irretrievable.

To download attachments from a captured session, do the following:

  1. On the top navigation bar, click Analyze, and then click File Reconstruction Dashboard.
  2. Scroll down to the Attachment Table.
    Each row in the table represents a periodic update of a session or flow.
  3. In the Attach column, click the Download icon for a selected session to download attachments.

  4. NetMon queues the download and prompts you for the file name and location.
    All attached files from the session are packaged in a .zip archive.

    Mac OS X users need to install an application to extract the contents of downloaded .zip files. For this purpose, p7zip can work well.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close