Table of Contents Introduction Wireshark HTTP objects and files Binary files Tcpflow & Foremost Introduction The process is mostly the same in network packets data-carving, which comprises of: Gain access and collect the raw bytes Strip the protocol information Extract and write the data to file The differences of these tools are their capabilities i.e., the supported protocols and file formats.