ProcDOT is a malware analysis tool created by Christian Wojner. It correlates Procmon logs with PCAP data and visualizes the combined information as a graph annotated with useful details about the execution.

Brian Maloney has developed a plugin for ProcDOT called PCAP_tools. The plugin does three things:

  1. It allows an analyst to extract files from the entire PCAP.
  2. It allows an analyst to extract files from a specific TCP stream.
  3. It gives ProcDOT the ability to follow TCP streams without having to use another tool like Wireshark.

Learn more about this plugin by visiting Brian’s blog.
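To show what "following a TCP stream" and "extracting files from a PCAP" involve underneath a tool like PCAP_tools, here is an added, self-contained Python example. It is not code from ProcDOT or from Brian Maloney's plugin. It builds a small PCAP in memory (a constructed HTTP download, with the server's reply captured out of order and once retransmitted), parses the classic pcap, Ethernet, IPv4 and TCP headers by hand, reassembles each direction of every stream by sequence number, and carves the response body using its Content-Length. The IP addresses, ports, file bytes and helper names are all assumptions made for the example; it handles only classic pcap with Ethernet frames, IPv4 without fragmentation, no TCP sequence-number wraparound, and HTTP responses framed by Content-Length (no chunked encoding).

```python
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1


def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))


def build_packet(src_ip, sport, dst_ip, dport, seq, ack, payload, flags=0x18):
    """Construct an Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Write a classic little-endian pcap: 24-byte global header + 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_packets(data):
    """Yield raw frames from a classic pcap, honouring the magic number's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return ((src, sport, dst, dport), seq, flags, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq, _ack, doff_flags = struct.unpack("!HHIIH", tcp[:14])
    payload = tcp[(doff_flags >> 12) * 4:]
    return (src, sport, dst, dport), seq, doff_flags & 0x1FF, payload


def reassemble_streams(pcap_bytes):
    """Group segments into bidirectional streams, then rebuild each direction in sequence order.

    Out-of-order segments are sorted; retransmissions contribute only bytes not yet seen;
    a real gap (missing capture data) raises rather than silently producing a corrupt file.
    """
    streams = defaultdict(lambda: defaultdict(list))
    for frame in iter_pcap_packets(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None or not parsed[3]:
            continue
        (src, sport, dst, dport), seq, _flags, payload = parsed
        stream_key = tuple(sorted([(src, sport), (dst, dport)]))
        streams[stream_key][(src, sport)].append((seq, payload))
    result = {}
    for stream_key, directions in streams.items():
        result[stream_key] = {}
        for direction, segments in directions.items():
            segments.sort(key=lambda s: s[0])
            buf, expected = bytearray(), None
            for seq, payload in segments:
                if expected is not None and seq < expected:      # overlap / retransmit
                    payload = payload[expected - seq:]
                    if not payload:
                        continue
                    seq = expected
                elif expected is not None and seq > expected:    # missing bytes
                    raise ValueError(f"gap in stream {stream_key} at seq {expected}")
                buf += payload
                expected = seq + len(payload)
            result[stream_key][direction] = bytes(buf)
    return result


def extract_http_bodies(direction_bytes):
    """Carve consecutive HTTP responses from one direction using Content-Length only."""
    bodies, pos = [], 0
    while direction_bytes.startswith(b"HTTP/1.", pos):
        hdr_end = direction_bytes.find(b"\r\n\r\n", pos)
        if hdr_end < 0:
            break
        length = 0
        for line in direction_bytes[pos:hdr_end].decode("latin-1").split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(value.strip())
        pos = hdr_end + 4
        bodies.append(direction_bytes[pos:pos + length])
        pos += length
    return bodies


def carve_files(pcap_bytes):
    """Follow every TCP stream in the capture and carve HTTP bodies from whichever side served them."""
    found = []
    for stream_key, directions in reassemble_streams(pcap_bytes).items():
        for endpoint, data in directions.items():
            for body in extract_http_bodies(data):
                found.append((stream_key, endpoint, body))
    return found


# Constructed sample capture (assumed addresses/ports): client fetches one file over HTTP.
CLIENT, SERVER = ("10.0.0.5", 40000), ("10.0.0.9", 80)
REQUEST = b"GET /tool.bin HTTP/1.1\r\nHost: 10.0.0.9\r\n\r\n"
FILE_BYTES = b"PK\x03\x04constructed-sample"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(FILE_BYTES) + FILE_BYTES
SPLIT = 20
SAMPLE_PCAP = build_pcap([
    build_packet(*CLIENT, *SERVER, seq=1000, ack=5000, payload=REQUEST),
    build_packet(*SERVER, *CLIENT, seq=5000 + SPLIT, ack=1000 + len(REQUEST), payload=RESPONSE[SPLIT:]),
    build_packet(*SERVER, *CLIENT, seq=5000, ack=1000 + len(REQUEST), payload=RESPONSE[:SPLIT]),
    build_packet(*SERVER, *CLIENT, seq=5000, ack=1000 + len(REQUEST), payload=RESPONSE[:SPLIT]),  # retransmit
])

if __name__ == "__main__":
    for stream_key, endpoint, body in carve_files(SAMPLE_PCAP):
        print(stream_key, "served by", endpoint, "->", len(body), "bytes:", body[:4])
```

Run it as a script and it prints the one carved body; the point to notice is that the second and third server segments arrive reversed and the first is duplicated, yet the carved bytes match what the server sent because reassembly is driven by sequence numbers rather than capture order. A real tool on the job also has to cope with pcapng, VLAN tags, IPv6, sequence wraparound and chunked transfer encoding, none of which this toy attempts.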
