Skip to content
Log in

PCAP file

Definition

A packet capture file storing raw network frames in the libpcap format. PCAP files are the standard exchange format between network forensic tools. Wireshark, NetworkMiner, Zeek, and most other network analysis platforms can read PCAP files as input.

Related terms

Device profile
A vendor-maintained database entry describing how to communicate with a specific make, model, and firmware version of a mobile device. The profile...
Logical extraction
NIST SP 800-101 R1 Level 2 acquisition. Uses the OS-exposed backup APIs (Android ADB backup, iOS iTunes/Finder backup, MTP for media) to...
NIST CFTT
The National Institute of Standards and Technology Computer Forensics Tool Testing programme. It publishes independent test reports for digital forensic tools, including...
Physical extraction
An acquisition method that reads the raw storage medium, producing a bit-for-bit image from which allocated and deleted data can both be...
Zeek (formerly Bro)
An open-source network analysis framework that processes live traffic or PCAP files and produces structured per-session log files covering DNS, HTTP, SSL,...

Explained in

  • Mobile and Network Forensics ToolchainsA packet capture file storing raw network frames in the libpcap format. PCAP files are the standard exchange format between network forensic tools. Wireshark,...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account