Extracting Artifacts
Recover files and creds.
What Are Artifacts
Artifacts are the meaningful items hidden inside a capture: transferred files, credentials, images, and session data.
Recovering them turns a stream of packets into concrete evidence of what was sent and seen.
Reassembly Is Key
A single file is split across many TCP segments. To recover it you must reassemble the stream in order.
Wireshark and specialized tools handle this automatically when you follow a stream or export objects.
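As an added example (not part of the original lesson), the sketch below shows what that reassembly involves for one direction of a TCP stream. It orders segments by sequence number, drops retransmissions, trims overlaps, records gaps, and then carves a file out of the rebuilt HTTP response. The sample response, the ISN and all function names are constructed for illustration, and the stream is assumed to be shorter than 4 GiB.

```python
import hashlib

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def reassemble(isn, segments):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs; the first
    data byte is isn + 1. Returns (stream, gaps), gaps = [(offset, length)]."""
    # Turn absolute sequence numbers into stream offsets, then order them.
    placed = sorted(((seq - isn - 1) % MOD, data) for seq, data in segments if data)
    stream, gaps = bytearray(), []
    for off, data in placed:
        have = len(stream)
        if off > have:                    # lost segment: record it, pad with zeros
            gaps.append((have, off - have))
            stream.extend(bytes(off - have))
            have = off
        if off + len(data) > have:        # skip retransmissions, trim overlaps
            stream.extend(data[have - off:])
    return bytes(stream), gaps

def extract_http_body(stream):
    """Carve the body out of a reassembled, length-delimited HTTP response."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    length = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if not sep or length is None or len(rest) < length:
        raise ValueError("response incomplete or not length-delimited")
    return rest[:length]

# Constructed sample: a tiny HTTP response, not taken from a real capture.
BODY = b"constructed sample file contents\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
ISN = 0xFFFFFFF0  # constructed; chosen so the sequence numbers wrap mid-stream

def sample_segments(size=20):
    """Split RESPONSE into segments, add a retransmission, reverse arrival order."""
    segs = [((ISN + 1 + off) % MOD, RESPONSE[off:off + size])
            for off in range(0, len(RESPONSE), size)]
    segs.append(segs[1])
    return segs[::-1]

if __name__ == "__main__":
    stream, gaps = reassemble(ISN, sample_segments())
    body = extract_http_body(stream)
    print("gaps:", gaps, "sha256:", hashlib.sha256(body).hexdigest())
```

A non-empty gaps list means the capture missed packets, so any file carved from that stream should be treated as incomplete and its hash should not be used as evidence of the original content.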