NetWitness provides several different entry points into the same data to support many different use cases. Ultimately trying to decide if we can better streamline our views into the data. Before looking at optimizations that can be done on each view want to take a further look at our current views to see which ones are really valuable to analysts.
If you had to rank the following views from an analyst value how would you?
1) Text View - ASCII representation of the packet data
2) HEX View - HEX representation of the packet data
3) Packets View - RAW packet data
4) File View - Ability to view files present in sessions and extract them
5) Email View - ASCII rendering of email communications
6) Web View - HTML rendering of web sessions
7) Meta View - All meta generated for session