ProcDOT is a malware analysis tool created by Christian Wojner. The tool is designed to correlate Procmon logs and PCAP data. ProcDOT uses this data and lets you visualize the information in a graph loaded with useful information.
Brian Maloney has developed a plugin for ProcDOT called PCAP_tools. This plugin does the following things:
- It allows an analyst to extract files from the entire pcap.
- It allows an analyst to extract files from a specific TCP stream.
- It gives ProcDOT the ability to follow TCP streams without having to use another tool like Wireshark.
Learn more about this plugin by visiting Brian's blog.
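The stream-following and file-extraction steps the plugin performs, as an added Python example that is not part of ProcDOT or the PCAP_tools plugin: it parses a small constructed libpcap capture by hand, groups TCP payloads per direction, reorders them by sequence number (trimming a retransmitted overlap) and carves the HTTP response body. All addresses, packet contents and helper names are constructed for illustration.

```python
import socket, struct

def build_pcap(frames):
    # Constructed libpcap file: little-endian magic, version 2.4, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src, dst, sport, dport, seq, payload):
    # Constructed Ethernet/IPv4/TCP frame; checksums are left zero (not validated below)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def follow_tcp_streams(pcap):
    """Return {'src:sport -> dst:dport': bytes}, payloads ordered by TCP sequence number."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    segments, offset = {}, 24                     # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[offset:offset + 16])[2]
        frame, offset = pcap[offset + 16:offset + 16 + incl], offset + 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # IPv4 + TCP only
            continue
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]   # IHL .. total length
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            key = "%s:%d -> %s:%d" % (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
            segments.setdefault(key, []).append((seq, payload))
    streams = {}
    for key, segs in segments.items():
        data, nxt = b"", None
        for seq, payload in sorted(segs):         # reorder; trim retransmitted overlap
            if nxt is not None and seq < nxt:
                payload, seq = payload[nxt - seq:], nxt
            data += payload                       # gaps from lost segments are not filled
            nxt = seq + len(payload)
        streams[key] = data
    return streams

def extract_http_body(stream):
    # Carve the response body (the transferred file) from a reassembled HTTP stream
    return stream.split(b"\r\n\r\n", 1)[1]

def sample_pcap():
    # Constructed capture: client 10.0.0.5 fetches /a.exe; server data arrives out of order, one segment retransmitted
    c, s = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
    return build_pcap([tcp_frame(c, s, 40000, 80, 1000, b"GET /a.exe HTTP/1.1\r\nHost: x\r\n\r\n"),
                       tcp_frame(s, c, 80, 40000, 5021, b"\x90\x00\x03\x00"),
                       tcp_frame(s, c, 80, 40000, 5000, b"HTTP/1.1 200 OK\r\n\r\nMZ"),
                       tcp_frame(s, c, 80, 40000, 5000, b"HTTP/1.1 200 OK\r\n\r\nMZ")])
```

Run `follow_tcp_streams(sample_pcap())` to see both directions of the conversation; `extract_http_body` on the server side yields the carved file bytes.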