doc/4.0.0/Working With Finder/Explore/Using Contextual Drill-down

1. Contextual Drill-down

1.1. Concept

Contextual drill-down is a NEXThink Finder feature that lets you analyze investigation results further while keeping the conditions of the original investigation. A typical use is retrieving the users of the applications that an investigation has just returned.

1.2. Example

Here is an example of a contextual drill-down analysis:

  1. The user retrieves the devices (sources) that have generated HTTP traffic.
  2. He wonders which applications were used on a particular device to generate that HTTP traffic, so he right-clicks on the device and selects Drill-down to -> Objects -> Applications.

    • Right-click on the device and slide the mouse right and down to the required object type to drill down

  3. He is surprised to see a single application generating HTTP traffic and wants more detail, so he displays the connections in question: he right-clicks on that application and selects Drill-down to -> Connections.

    • Drilling down to Connections

  4. The connections are displayed. Because the analysis is contextual, the conditions of the previous steps are kept in the new investigation. In this example, we end up with the HTTP connections from one device (source), NXT-D08, generated by one application, NEXThink Finder.

    • Examining the HTTP connections of the application of interest

1.3. Contextual drill-down vs. one-click investigations

The main difference between a contextual drill-down and a one-click investigation is how the context is handled. The drill-down keeps the conditions of the current investigation, whereas a one-click investigation launches a completely new one. For instance, if you had used a one-click investigation (such as "List applications for source") in the second step of the example above, you would have obtained the list of all applications used on the device (source), not only those that generated HTTP traffic.
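To make the difference concrete, here is an added, self-contained model of the two behaviours written for this page; it is not Finder code and uses no Finder API. An investigation is represented as a list of (field, value) conditions over a small constructed table of connections: a contextual drill-down appends the selected object to the existing conditions, while a one-click investigation starts from the selected object alone. The device and application names are taken from the example above; the connection rows, destinations and the Outlook/Browser entries are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    """One network connection, as an investigation on Connections would list it."""
    device: str        # the source
    application: str
    protocol: str
    destination: str


# Constructed sample data (not real Finder output): connections seen on two devices.
CONNECTIONS = [
    Connection("NXT-D08", "NEXThink Finder", "HTTP", "10.0.0.5"),
    Connection("NXT-D08", "NEXThink Finder", "HTTP", "10.0.0.6"),
    Connection("NXT-D08", "Outlook", "SMTP", "10.0.0.7"),
    Connection("NXT-D08", "Browser", "HTTPS", "10.0.0.8"),
    Connection("NXT-D12", "Browser", "HTTP", "10.0.0.9"),
]


class Investigation:
    """A conjunction of (field == value) conditions applied to the connection table."""

    def __init__(self, conditions=()):
        self.conditions = tuple(conditions)

    def _matches(self, conn):
        return all(getattr(conn, field) == value for field, value in self.conditions)

    def connections(self):
        """All connections satisfying every condition of this investigation."""
        return [c for c in CONNECTIONS if self._matches(c)]

    def objects(self, kind):
        """Distinct objects of the requested kind ('device' or 'application')."""
        return sorted({getattr(c, kind) for c in self.connections()})

    def drill_down(self, **selected):
        """Contextual drill-down: keep every existing condition and add the selection."""
        return Investigation(self.conditions + tuple(selected.items()))


def one_click(**selected):
    """One-click investigation: a fresh investigation whose only condition is the selection."""
    return Investigation(tuple(selected.items()))


def walkthrough():
    """Replays the four steps of the example and the one-click alternative to step 2."""
    step1 = Investigation([("protocol", "HTTP")])           # devices with HTTP traffic
    devices = step1.objects("device")
    step2 = step1.drill_down(device="NXT-D08")              # HTTP condition is kept
    apps = step2.objects("application")
    step3 = step2.drill_down(application="NEXThink Finder")  # both conditions kept
    conns = step3.connections()
    one_click_apps = one_click(device="NXT-D08").objects("application")
    return {
        "devices": devices,
        "drilldown_apps": apps,
        "drilldown_connections": len(conns),
        "drilldown_all_http": all(c.protocol == "HTTP" for c in conns),
        "one_click_apps": one_click_apps,
    }


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
```

Running the block shows the drill-down path narrowing to the single application NEXThink Finder and its two HTTP connections, whereas the one-click investigation on the same device lists every application seen on it, including those that never produced HTTP traffic.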