HTTPS/SSL Network Forensics Device (HTTPS/SSL Interceptor) is designed specially for forensics purpose where it is used to decrypt HTTPS/SSL traffic. It can be used by legal enforcement bodies, police, investigation units, forensics firms, government departments for tracking or monitoring suspects HTTP and HTTPS activities (through Internet). HTTPS/SSL Device has E-Detective web reconstruction function (HTTP Link and HTTP Content) integrated into the system which allow the administrator to see the web page content of normal and secured web page. HTTPS/SSL Interceptor can works in two modes: 1. Man in the Middle Attack (MITM); and 2. Offline Method (Decrypting HTTPS raw data with Private Key Available). In MITM method, it acts as a proxy to the targeted PC/suspect. All traffic from the targeted PC or suspect will be redirected to the HTTPS/SSL Interceptor. Therefore, it can collect the genuine certificate from SSL Server if the targeted PC access to the SSL Server. At the mean time, the HTTPS/SSL Interceptor returns with its own generated certificate. In this method, it allows the HTTPS/SSL Interceptor to decrypt the HTTPS traffic. In Offline Method, with the HTTPS raw data captured, HTTPS/SSL Interceptor is capable to decrypt the traffic if the private key is available. Login usernames and passwords like Google or Gmail login, Yahoo Mail login, ebay login etc. can be captured by the HTTPS/SSL Interceptor.