This feature even lets you quickly find out which server or which requests were responsible for specific data or code landing on the underlying system, which process wrote it, how often, who injected what, which autostart registry key was set, what happened when, and so forth. Besides that, ProcDOT is now also capable of animating the whole infection evolution based on a timeline of activities.

It correlates Procmon logfiles and PCAPs into an interactively investigable graph. It's called ProcDOT - I already gave a preview of the alpha version some months ago at the SANS Forensics Summit in Prague - and it is an absolute must-have tool for everyone's lab, at least in my humble opinion ;-) I'm very proud to announce that our (CERT.at - CERT Austria) latest contribution to the malware analysis community is finally available as open beta.
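To make the kind of correlation described above concrete, here is a small added example (my own illustration, not ProcDOT's code) that turns a constructed Procmon CSV export into a process-to-artifact graph, answers the "which process wrote this file, and how often" and "which autostart key was set" questions, orders the events into a timeline, and emits Graphviz DOT. The column headers are Procmon's default CSV export headers; the process names, PIDs, paths and address in the rows are made up.

```python
import csv
import io
from collections import defaultdict

# Constructed Procmon CSV export (default column order); every row is made up for this example.
PROCMON_CSV = """Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.100,winword.exe,1200,WriteFile,C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe,SUCCESS,Length: 4096
10:01:02.900,winword.exe,1200,Process Create,C:\\Users\\lab\\AppData\\Local\\Temp\\upd.exe,SUCCESS,PID: 1333
10:01:03.500,upd.exe,1333,TCP Connect,lab-pc:49152 -> 198.51.100.7:443,SUCCESS,
10:01:04.000,upd.exe,1333,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater,SUCCESS,Type: REG_SZ
"""
INTERESTING = {"WriteFile", "Process Create", "TCP Connect", "UDP Send", "RegSetValue"}
AUTOSTART = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\")

def parse_procmon(csv_text):
    """Yield (time, 'name:pid', operation, path) for successful operations worth graphing."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] in INTERESTING and row["Result"] == "SUCCESS":
            yield row["Time of Day"], f'{row["Process Name"]}:{row["PID"]}', row["Operation"], row["Path"]

def build_graph(events):
    """Edges keyed (process node, artifact node) -> list of (time, operation), a ProcDOT-style graph."""
    edges = defaultdict(list)
    for t, proc, op, path in events:
        edges[(proc, path)].append((t, op))
    return edges

def writers_of(edges, path):
    """Process nodes that wrote `path`, with their WriteFile counts (how often)."""
    counts = {src: sum(op == "WriteFile" for _, op in ops) for (src, dst), ops in edges.items() if dst == path}
    return {src: n for src, n in counts.items() if n}

def autostart_keys(edges):
    """(registry value, process node) pairs for values set under Run/RunOnce."""
    return sorted((dst, src) for (src, dst), ops in edges.items()
                  if any(op == "RegSetValue" for _, op in ops) and any(k in dst for k in AUTOSTART))

def timeline(edges):
    """Chronological (time, process node, operation, artifact) list: the basis for an animated timeline."""
    return sorted((t, src, op, dst) for (src, dst), ops in edges.items() for t, op in ops)

def to_dot(edges):
    """Render the correlation graph as Graphviz DOT text."""
    lines = ["digraph infection {"]
    for (src, dst), ops in edges.items():
        label = ", ".join(sorted({op for _, op in ops}))
        lines.append(f'  "{src}" -> "{dst}" [label="{label}"];')
    lines.append("}")
    return "\n".join(lines)
```

Feeding `to_dot(build_graph(parse_procmon(PROCMON_CSV)))` to `dot -Tsvg` gives a first, static version of the graph; the PCAP side would be joined on the TCP Connect endpoints in the same way.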
