
Working with base64 encoded files in Investigator

Question asked by RSA Admin Employee on Nov 14, 2012
Latest reply on Nov 16, 2012 by RSA Admin

Is there any way to decode base64 encoded files from within Investigator other than resorting to outside tools? I've tried opening the session in Wireshark, but base64 decoding seems to be broken under Windows. Any suggestions?

My solution thus far has been to:

  1. Save files from the session from the Content window
  2. Open the file in a hex editor
  3. Select the appropriate bytes and run them through a base64 decoder (there's a function in Notepad++ to do this, as well as various Web sites).
  4. Save the contents to a file and open with the appropriate application.

Anything shorter or simpler?

Thanks,

Charlie
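
The four manual steps in the question can be scripted once the session content has been saved to disk. The following is an added example, not part of the original post and not an Investigator feature: it finds base64 blocks line by line (so the word `base64` in a `Content-Transfer-Encoding` header is not mistaken for data), decodes them, and suggests an extension from the file signature. The function names, the sample capture and the output file names are assumptions made for illustration, and the block detection is a heuristic.

```python
import base64
import re

# A line made up only of base64 characters, with optional trailing padding.
B64_LINE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

# A few common file signatures, used to suggest an extension for the output.
MAGIC = [(b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"), (b"MZ", "exe"),
         (b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpg"), (b"GIF8", "gif")]

def sniff(data):
    """Guess an extension from the first bytes of the decoded data."""
    return next((ext for sig, ext in MAGIC if data.startswith(sig)), "bin")

def extract_base64_blocks(raw, min_chars=40):
    """Return [(extension, decoded_bytes)] for each base64 block found in raw."""
    results, current = [], []
    for line in raw.splitlines() + [b""]:  # trailing empty line flushes the last block
        line = line.strip()
        if line and B64_LINE.fullmatch(line):
            current.append(line)
            continue
        blob, current = b"".join(current), []
        # Skip short runs (ordinary words) and runs that are not whole quads.
        if len(blob) < min_chars or len(blob) % 4:
            continue
        try:
            data = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error, e.g. padding in the middle of a run
            continue
        results.append((sniff(data), data))
    return results

# Constructed sample: a MIME part as it might look in a saved session file.
PAYLOAD = b"%PDF-1.4\n" + b"constructed sample body " * 5
SAMPLE = (b"Content-Type: application/pdf\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\n"
          + base64.encodebytes(PAYLOAD).replace(b"\n", b"\r\n")
          + b"--boundary--\r\n")

if __name__ == "__main__":
    # Replace SAMPLE with open("saved_session.bin", "rb").read() (hypothetical file name).
    for i, (ext, data) in enumerate(extract_base64_blocks(SAMPLE)):
        with open(f"decoded_{i}.{ext}", "wb") as out:
            out.write(data)
        print(f"decoded_{i}.{ext}: {len(data)} bytes")
```

Decoded files taken from captured traffic should be opened in an isolated analysis environment, since the signature check only suggests a file type and says nothing about the content.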
