File extractions are a valuable part of a forensic investigation. In Security Analytics, these extractions are the reconstruction of files found within the payload of packets captured traversing a network. By providing entire files or artifacts, you can see what the user sees, whether that is an image file or an executable. Downloading of files recovered from extractions is available, as there may be a use case where you need to analyze files offline, such as to reverse engineer or submit to a third-party forensics tool. While on the Summary page, click the Extractions tab. Click on the artifact you are interested in. Once it expands, you will see a menu bar with the option download the file. You then have the choice of downloading the artifact as the file or the related packet capture. Since you are looking for the offending file, click on Download artifact.
