This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

(not) easy to use?

0

I just don't understand all the technical words. Now that I have Wireshark, how can I see a network that I've already had access to. I need to read my brothers e-mail. He passed away and has some documents, etc saved in his inbox.

asked 08 Nov '10, 09:31

heylookhere's gravatar image

heylookhere
1111
accept rate: 0%

edited 08 Nov '10, 10:21

Jaap's gravatar image

Jaap ♦
11.7k16101


One Answer:

0

Wireshark will not do you any good as the information you are seeking sits on the harddrive. Wireshark can only make things visible that are transferred over the network.

What you are looking for is a (host) forensics tool. I'm sorry but I can't advice you any further as I have never looked into forensics myself...

answered 08 Nov '10, 11:08

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

it info in his e mail account rests in his g mail account....not the hard drive. what is a host forensic tool? keylogger??

(08 Nov '10, 11:12) heylookhere

A (host) forensic tool can search through all data on a hard drive to extract data.

However, if the mails are on Gmail, then you would need to find out the password to access that mail. I'm sure Google will cooperate in accessing the mail in your situation if you supply them with the information that they need to confirm the authenticity of your request.

(08 Nov '10, 11:19) SYN-bit ♦♦

and my brother's laughed at me when I gave them my "in case I die, here's the master password for my password-manager/acct list...."

By the way, GMAIL typically is setup to stay logged in. I'm assuming you already tried firing it up to see if it will log you in? Assuming everything is up-n-up, the browser cache/cookie may just let you in.

(08 Nov '10, 11:24) hansangb