ProcDOT is a malware analysis tool created by Christian Wojner. It correlates Procmon logs with PCAP network captures and renders the combined data as a graph, so an analyst can follow a sample's host activity and its network traffic in one view instead of switching between tools.

Brian Maloney has developed a plugin for ProcDOT called PCAP_tools. The plugin does three things:

  1. It allows an analyst to extract files from the entire PCAP.
  2. It allows an analyst to extract files from a specific TCP stream.
  3. It gives ProcDOT the ability to follow TCP streams without having to use another tool like Wireshark.
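To make concrete what "follow a TCP stream" and "extract a file from a stream" mean underneath a tool like this, here is an added example (not code from ProcDOT or from the PCAP_tools plugin) that builds a small classic-pcap capture in memory, walks it with a minimal Ethernet/IPv4/TCP parser, reassembles one direction of a chosen connection by sequence number, and pulls the HTTP response body out as the "file". The capture, the addresses and the payload bytes are all constructed for the example; the parser assumes an Ethernet link type, IPv4 without IP fragmentation, and an HTTP response that carries a Content-Length header.

```python
import struct

# ---- Constructed test data (not a real capture) -------------------------------

def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))

def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Ethernet + IPv4 + TCP (no options) + payload. Checksums stay zero: nothing is sent."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs irrelevant, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + tcp

def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

CLIENT = ("10.0.0.5", 51000)     # constructed addresses
SERVER = ("192.0.2.10", 80)

def sample_capture():
    """One HTTP request; the response is split into three segments that arrive out of
    order (3rd before 2nd) and the 2nd segment is retransmitted once."""
    body = b"MZ" + b"\x90" * 30   # stand-in for a downloaded file (constructed bytes)
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                b"Content-Length: %d\r\n\r\n" % len(body)) + body
    s = lambda seq, data: build_frame(SERVER[0], CLIENT[0], SERVER[1], CLIENT[1], seq, data)
    req = build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 1,
                      b"GET /payload.bin HTTP/1.1\r\nHost: example\r\n\r\n")
    seg1, seg2, seg3 = s(1000, response[:20]), s(1020, response[20:50]), s(1050, response[50:])
    return build_pcap([req, seg1, seg3, seg2, seg2]), body

# ---- Minimal pcap walker: yields TCP segments ---------------------------------

def tcp_segments(pcap):
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("example only handles Ethernet (linktype 1) captures")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":           # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                             # not TCP
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        doff = (tcp[12] >> 4) * 4
        yield src, sport, dst, dport, seq, tcp[doff:]

# ---- "Follow TCP stream": reassemble server -> client by sequence number ------

def follow_stream(pcap, client, server):
    chunks = {}
    for src, sport, dst, dport, seq, payload in tcp_segments(pcap):
        if (src, sport, dst, dport) == (server[0], server[1], client[0], client[1]) and payload:
            chunks.setdefault(seq, payload)        # first copy wins on retransmission
    stream, end = b"", 0
    for seq in sorted(chunks):                     # restores on-the-wire order
        payload = chunks[seq]
        if seq < end:                              # overlaps data already placed
            payload = payload[end - seq:]
        stream += payload                          # a gap (lost segment) is simply skipped here
        end = max(end, seq + len(chunks[seq]))
    return stream

# ---- "Extract file": cut the HTTP body out of the reassembled stream ---------

def extract_http_body(stream):
    head, _, rest = stream.partition(b"\r\n\r\n")
    length = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    return rest[:length] if length is not None else rest

if __name__ == "__main__":
    pcap, expected = sample_capture()
    stream = follow_stream(pcap, CLIENT, SERVER)
    print("recovered file matches:", extract_http_body(stream) == expected)
```

The ordering by sequence number and the overlap trimming are what make the reconstruction hold up on real captures, where segments are routinely reordered or retransmitted; a carving tool that only concatenates payloads in capture order would produce a corrupt file from the same packets.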

Learn more about this plugin by visiting Brian's blog.
