Various protocols allow transferring files (e.g: HTTP, POP3) and some are made for the sole purpose of transferring files (FTP, SMB etc).
From a network security monitoring perspective, transferred files are interesting because they can contain malicious software or prohibited content.
Netcap extracts files from HTTP and saves them to disk, for both HTTP responses and HTTP requests. It uses the File audit record type to model the extracted information.
Read more about it in the documentation: File Extraction.