Yes, much as I dislike this abuse of the word “Forensics” (see Rant), I’ll recognize that it is a very popular abuse.
Chaosreader, jpcap, Microsoft Log Parser, and tcpxtract can break up a packet capture (pcap) file (created by tcpdump, Wireshark or Microsoft Net Monitor) into manageable components (including downloaded files). See the Network Forensics Puzzle site for more tools.
CapTipper (Malicious HTTP traffic explorer) is a Python tool to analyze, explore and replay malicious HTTP traffic. CapTipper sets up a web server that responds exactly as the server in the PCAP file did, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations found. The tool gives the security researcher easy access to the files and an understanding of the network flow, and is useful when researching exploits, pre-conditions, versions, obfuscations, plugins and shellcode.
xtractr does both flow and packet analysis, with full-text search.
tshark for command-line processing of pcap files.
Ipdecap reads packets from a pcap file, removes the encapsulation protocol, and writes them in another pcap file. Supported encapsulation protocols are GRE, IPIP, 6in4, and ESP (IPSEC). Ipdecap can also remove IEEE 802.1Q (virtual LAN) headers.
Palo Alto Networks enterprise firewall, in Tap Mode, can interpret HTTP traffic, parse documents in the traffic, identify P2P applications tunneled over HTTP (such as Skype), and correlate the traffic with a user (not just an IP address).
NetWitness (derived from the retired FBI Carnivore program) monitors network traffic for email and Internet traffic. A free version parses pcap files up to 1 GB.
Spector monitors Internet activity.
Solera Networks offers products and their “What is Network Forensics?” whitepaper.
NetworkMiner for file carving.
AIEngine (Artificial Intelligent Engine) is an interactive, programmable Python/Ruby/Java/Lua packet inspection engine that can learn without any human intervention and provides NIDS (Network Intrusion Detection System) functionality, DNS domain classification, a network collector, network forensics and many other features.