US 7,543,051 B2
Method of non-intrusive analysis of secure and non-secure web application traffic in real-time
Bernd Greifeneder, Linz (Austria); Bernhard Reichl, Linz (Austria); Helmut Spiegl, Linz (Austria); and Gunter Schwarzbauer, Linz (Austria)
Assigned to Borland Software Corporation, Austin, Tex. (US)
Filed on May 30, 2003, as Appl. No. 10/455,798.
Prior Publication US 2004/0243349 A1, Dec. 02, 2004
Int. Cl. G06F 15/16 (2006.01)
U.S. Cl. 709—224  [709/227] 10 Claims
1. A system for non-intrusive real-time analysis of secure communications between a first application running on a first computer and a second application running on a second computer, the first and second applications using a communication channel, the system comprising:
a non-intrusive and secure communications capture device, connected to the communications channel;
a network module, connected to the communications capture device and configured to process communications from a physical layer to a network layer substantially in real-time; and
a session reconstruction unit, connected to the network module and configured to process communications to an application layer in real-time, to group communications into transactions and to arrange transactions in a hierarchical data structure according to dependencies within the information contained in the transactions, the session reconstruction unit further comprising:
a stream creation unit, connected to the network module and configured to receive a plurality of communications and group them into a plurality of streams, and to add connection meta information to each stream, wherein each stream represents a single network connection;
a message decoder, connected to the stream creation unit and configured to create a plurality of transactions from the communications included in the plurality of streams;
a transaction storage, connected to the message decoder, configured to store the plurality of transactions; and
a session reconstruction module, connected to the transaction storage, and configured to receive a transaction of interest, and to retrieve a set of transactions from the transaction storage, the set of transactions being such that each transaction belonging to the set of transactions has a predefined relationship with the transaction of interest, and to group the set of transactions in the hierarchical data structure according to dependencies within the information contained in the transactions.
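The pipeline recited in claim 1 can be followed on a small constructed capture. This is an added illustration, not code from the patent or from the assignee. The claim does not name the "predefined relationship" or the "dependencies": a shared session cookie and the HTTP Referer header are assumptions made here, as are all function names, the bodiless HTTP requests, the payloads being already decrypted, and the sample data.

```python
from collections import defaultdict

def _req(path, sid, referer=None):
    # Builds one constructed, bodiless HTTP request (assumed already decrypted).
    ref = f"Referer: https://app.example{referer}\r\n" if referer else ""
    return f"GET {path} HTTP/1.1\r\nHost: app.example\r\nCookie: sid={sid}\r\n{ref}\r\n".encode()

# Constructed capture: (connection 4-tuple, payload). C1 is reused (keep-alive).
C1, C2, C3, C4 = [("10.0.0.5", 40000 + i, "10.0.0.9", 443) for i in range(1, 5)]
CAPTURE = [(C1, _req("/shop", "A1")), (C2, _req("/shop/style.css", "A1", "/shop")),
           (C1, _req("/shop/cart", "A1", "/shop")),
           (C3, _req("/shop/cart/total.js", "A1", "/shop/cart")),
           (C4, _req("/admin", "B2"))]

def create_streams(capture):
    """Stream creation unit: one stream per connection, plus connection meta information."""
    streams = {}
    for conn, payload in capture:
        meta = dict(zip(("src", "sport", "dst", "dport"), conn))
        stream = streams.setdefault(conn, {"meta": meta, "data": b""})
        stream["data"] += payload
    return list(streams.values())

def decode_messages(stream):
    """Message decoder: one transaction per request found in the stream."""
    for raw in filter(None, stream["data"].split(b"\r\n\r\n")):
        request_line, *header_lines = raw.decode("latin-1").split("\r\n")
        method, path, _ = request_line.split(" ", 2)
        headers = {k.strip().lower(): v.strip() for k, v in (h.split(":", 1) for h in header_lines)}
        yield {"url": "https://" + headers.get("host", "") + path, "method": method,
               "session": headers.get("cookie"), "referer": headers.get("referer"),
               "conn": stream["meta"]}

def reconstruct_session(storage, of_interest):
    """Session reconstruction module: related set arranged as a dependency tree."""
    related = [t for t in storage if t["session"] == of_interest["session"]]
    urls = {t["url"] for t in related}
    children = defaultdict(list)
    for t in related:
        # A transaction hangs under its referer; unknown or self referers become roots.
        parent = t["referer"] if t["referer"] in urls and t["referer"] != t["url"] else None
        children[parent].append(t["url"])
    def build(url):
        return {child: build(child) for child in children.get(url, [])}
    return build(None)

def analyze(capture, url_of_interest):
    storage = [t for s in create_streams(capture) for t in decode_messages(s)]  # transaction storage
    of_interest = next(t for t in storage if t["url"] == url_of_interest)
    return reconstruct_session(storage, of_interest)

if __name__ == "__main__":
    print(analyze(CAPTURE, "https://app.example/shop/cart"))
```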